npm - claude-flow-novice - Versions diffs - 2.15.3 → 2.15.4 - Mend

claude-flow-novice 2.15.3 → 2.15.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (461) hide show

package/dist/cli/agent-spawn.js CHANGED Viewed

@@ -9,10 +9,118 @@
  * Examples:
  *   npx cfn-spawn agent researcher --task-id task-123 --iteration 1
  *   npx cfn-spawn researcher --task-id task-123 --iteration 1
- */ import { spawn } from 'child_process';
+ */ import { spawn, execFileSync } from 'child_process';
+/**
+ * SECURITY: Parameter validation to prevent command injection (CVSS 8.9)
+ * Validates all parameters that will be passed to execFileSync()
+ */ /**
+ * Validates taskId format to prevent command injection attacks
+ * Pattern: alphanumeric, underscore, hyphen only, 1-64 chars
+ */ function validateTaskId(taskId) {
+    if (typeof taskId !== 'string' || taskId.length === 0) {
+        return {
+            valid: false,
+            error: 'Task ID must be a non-empty string'
+        };
+    }
+    const taskIdPattern = /^[a-zA-Z0-9_-]{1,64}$/;
+    if (!taskIdPattern.test(taskId)) {
+        return {
+            valid: false,
+            error: 'Invalid task ID format - must contain only alphanumeric characters, underscores, and hyphens (max 64 chars)'
+        };
+    }
+    return {
+        valid: true
+    };
+}
+/**
+ * Validates Redis host to prevent command injection
+ * Allows: hostnames, domain names, localhost, IPv4, IPv6 (::1)
+ */ function validateRedisHost(host) {
+    if (typeof host !== 'string' || host.length === 0) {
+        return {
+            valid: false,
+            error: 'Redis host must be a non-empty string'
+        };
+    }
+    // Pattern: alphanumeric, hyphens, dots (for domains), plus special IPv6 loopback
+    const hostPattern = /^[a-zA-Z0-9.-]+$|^::1$/;
+    if (!hostPattern.test(host)) {
+        return {
+            valid: false,
+            error: 'Invalid Redis host format'
+        };
+    }
+    return {
+        valid: true
+    };
+}
+/**
+ * Validates Redis port to prevent command injection
+ * Range: 1-65535
+ */ function validateRedisPort(port) {
+    if (typeof port !== 'string' || port.length === 0) {
+        return {
+            valid: false,
+            error: 'Redis port must be a non-empty string'
+        };
+    }
+    const portNum = parseInt(port, 10);
+    if (isNaN(portNum) || portNum < 1 || portNum > 65535) {
+        return {
+            valid: false,
+            error: 'Invalid Redis port - must be between 1 and 65535'
+        };
+    }
+    return {
+        valid: true
+    };
+}
+/**
+ * Safely retrieves context from Redis using execFileSync()
+ * Prevents command injection by using array-based arguments instead of template literals
+ */ function getRedisContextSafely(taskId, redisHost, redisPort, contextKey) {
+    try {
+        // Validate all parameters BEFORE executing
+        const taskIdValidation = validateTaskId(taskId);
+        if (!taskIdValidation.valid) {
+            console.warn(`[cfn-spawn] Invalid task ID: ${taskIdValidation.error}`);
+            return '';
+        }
+        const hostValidation = validateRedisHost(redisHost);
+        if (!hostValidation.valid) {
+            console.warn(`[cfn-spawn] Invalid Redis host: ${hostValidation.error}`);
+            return '';
+        }
+        const portValidation = validateRedisPort(redisPort);
+        if (!portValidation.valid) {
+            console.warn(`[cfn-spawn] Invalid Redis port: ${portValidation.error}`);
+            return '';
+        }
+        // All parameters validated - now execute safely with execFileSync()
+        // Using array arguments prevents shell interpolation of metacharacters
+        const redisKey = `swarm:${taskId}:${contextKey}`;
+        const result = execFileSync('redis-cli', [
+            '-h',
+            redisHost,
+            '-p',
+            redisPort,
+            'get',
+            redisKey
+        ], {
+            encoding: 'utf8'
+        });
+        const trimmed = result.trim();
+        return trimmed === '(nil)' ? '' : trimmed;
+    } catch (e) {
+        // Redis not available or key doesn't exist - fail silently
+        return '';
+    }
+}
 /**
  * Parse command line arguments for agent spawning
- */ function parseAgentArgs(args) {
+ */ export function parseAgentArgs(args) {
     // Handle both "agent <type>" and "<type>" patterns
     let agentType;
     let optionArgs;
@@ -23,7 +131,8 @@
         agentType = args[0];
         optionArgs = args.slice(1);
     }
-    if (!agentType) {
+    // Validate agent type exists and is not a flag
+    if (!agentType || agentType.startsWith('--')) {
         console.error('Error: Agent type is required');
         console.error('Usage: cfn-spawn agent <type> [options]');
         return null;
@@ -69,7 +178,7 @@
  *
  * This is a wrapper/alias for the existing claude-flow-novice agent spawning mechanism
  * Provides the cfn-spawn naming pattern while delegating to the working implementation
- */ async function spawnAgent(options) {
+ */ export async function spawnAgent(options) {
     const { agentType, agentId, taskId, iteration, context, mode, priority, parentTaskId } = options;
     console.log(`[cfn-spawn] Spawning agent: ${agentType}`);
     if (agentId) console.log(`[cfn-spawn]   Agent ID: ${agentId}`);
@@ -110,43 +219,27 @@
     let phaseContext = '';
     let successCriteria = '';
     if (taskId) {
-        try {
-            const { execSync } = await import('child_process');
-            // Bug #6 Fix: Read Redis connection parameters from process.env and interpolate in TypeScript
-            const redisHost = process.env.CFN_REDIS_HOST || 'cfn-redis';
-            const redisPort = process.env.CFN_REDIS_PORT || '6379';
+        // SECURITY FIX (CVSS 8.9): Use safe parameter validation and execFileSync()
+        // Prevent command injection by validating all parameters BEFORE execution
+        const redisHost = process.env.CFN_REDIS_HOST || 'cfn-redis';
+        const redisPort = process.env.CFN_REDIS_PORT || '6379';
+        // Validate Redis connection parameters
+        const hostValidation = validateRedisHost(redisHost);
+        const portValidation = validateRedisPort(redisPort);
+        if (hostValidation.valid && portValidation.valid) {
             // Try to read epic-level context from Redis
-            try {
-                epicContext = execSync(`redis-cli -h ${redisHost} -p ${redisPort} get "swarm:${taskId}:epic-context"`, {
-                    encoding: 'utf8'
-                }).trim();
-                if (epicContext === '(nil)') epicContext = '';
-            } catch (e) {
-            // Redis not available or key doesn't exist
-            }
+            epicContext = getRedisContextSafely(taskId, redisHost, redisPort, 'epic-context');
             // Try to read phase-specific context
-            try {
-                phaseContext = execSync(`redis-cli -h ${redisHost} -p ${redisPort} get "swarm:${taskId}:phase-context"`, {
-                    encoding: 'utf8'
-                }).trim();
-                if (phaseContext === '(nil)') phaseContext = '';
-            } catch (e) {
-            // Redis not available or key doesn't exist
-            }
+            phaseContext = getRedisContextSafely(taskId, redisHost, redisPort, 'phase-context');
             // Try to read success criteria
-            try {
-                successCriteria = execSync(`redis-cli -h ${redisHost} -p ${redisPort} get "swarm:${taskId}:success-criteria"`, {
-                    encoding: 'utf8'
-                }).trim();
-                if (successCriteria === '(nil)') successCriteria = '';
-            } catch (e) {
-            // Redis not available or key doesn't exist
-            }
+            successCriteria = getRedisContextSafely(taskId, redisHost, redisPort, 'success-criteria');
             if (epicContext) {
                 console.log(`[cfn-spawn]   Epic context loaded from Redis`);
             }
-        } catch (err) {
-            console.warn(`[cfn-spawn]   Could not load epic context from Redis:`, err);
+        } else {
+            console.warn(`[cfn-spawn]   Invalid Redis configuration - skipping context load`);
+            if (!hostValidation.valid) console.warn(`[cfn-spawn]   ${hostValidation.error}`);
+            if (!portValidation.valid) console.warn(`[cfn-spawn]   ${portValidation.error}`);
         }
     }
     // Add environment variables for agent context - WHITELIST ONLY APPROACH
@@ -233,10 +326,10 @@
 }
 /**
  * Build task description for the agent
- */ function buildTaskDescription(agentType, taskId, iteration, context) {
+ */ export function buildTaskDescription(agentType, taskId, iteration, context) {
     let desc = `Execute task as ${agentType} agent`;
     if (taskId) desc += ` for task ${taskId}`;
-    if (iteration) desc += ` (iteration ${iteration})`;
+    if (iteration !== undefined) desc += ` (iteration ${iteration})`;
     if (context) desc += `: ${context}`;
     return desc;
 }

package/dist/cli/agent-spawn.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../src/cli/agent-spawn.ts"],"sourcesContent":["#!/usr/bin/env node\r\n/*\r\n Agent Spawning CLI - Direct agent process spawning\r\n \r\n Usage:\r\n * npx cfn-spawn agent <type> [options]\r\n * npx cfn-spawn <type> [options] (agent is implied)\r\n \r\n Examples:\r\n * npx cfn-spawn agent researcher --task-id task-123 --iteration 1\r\n * npx cfn-spawn researcher --task-id task-123 --iteration 1\r\n /\r\n\r\nimport { spawn } from 'child_process';\r\nimport { resolve } from 'path';\r\n\r\ninterface AgentSpawnOptions {\r\n agentType: string;\r\n agentId?: string;\r\n taskId?: string;\r\n iteration?: number;\r\n context?: string;\r\n mode?: string;\r\n priority?: number;\r\n parentTaskId?: string;\r\n}\r\n\r\n/\r\n Parse command line arguments for agent spawning\r\n /\r\nfunction parseAgentArgs(args: string[]): AgentSpawnOptions \| null {\r\n // Handle both \"agent <type>\" and \"<type>\" patterns\r\n let agentType: string;\r\n let optionArgs: string[];\r\n\r\n if (args[0] === 'agent') {\r\n agentType = args[1];\r\n optionArgs = args.slice(2);\r\n } else {\r\n agentType = args[0];\r\n optionArgs = args.slice(1);\r\n }\r\n\r\n if (!agentType) {\r\n console.error('Error: Agent type is required');\r\n console.error('Usage: cfn-spawn agent <type> [options]');\r\n return null;\r\n }\r\n\r\n const options: AgentSpawnOptions = { agentType };\r\n\r\n // Parse optional parameters\r\n for (let i = 0; i < optionArgs.length; i += 2) {\r\n const key = optionArgs[i];\r\n const value = optionArgs[i + 1];\r\n\r\n switch (key) {\r\n case '--agent-id':\r\n options.agentId = value;\r\n break;\r\n case '--task-id':\r\n options.taskId = value;\r\n break;\r\n case '--iteration':\r\n options.iteration = parseInt(value, 10);\r\n break;\r\n case '--context':\r\n options.context = value;\r\n break;\r\n case '--mode':\r\n options.mode = value;\r\n break;\r\n case '--priority':\r\n options.priority = parseInt(value, 10);\r\n break;\r\n case '--parent-task':\r\n case '--parent-task-id':\r\n options.parentTaskId = value;\r\n break;\r\n default:\r\n console.warn(`Unknown option: ${key}`);\r\n }\r\n }\r\n\r\n return options;\r\n}\r\n\r\n/\r\n Spawn an agent process using npx claude-flow-novice agent\r\n \r\n This is a wrapper/alias for the existing claude-flow-novice agent spawning mechanism\r\n * Provides the cfn-spawn naming pattern while delegating to the working implementation\r\n /\r\nasync function spawnAgent(options: AgentSpawnOptions): Promise<void> {\r\n const { agentType, agentId, taskId, iteration, context, mode, priority, parentTaskId } = options;\r\n\r\n console.log(`[cfn-spawn] Spawning agent: ${agentType}`);\r\n if (agentId) console.log(`[cfn-spawn] Agent ID: ${agentId}`);\r\n if (taskId) console.log(`[cfn-spawn] Task ID: ${taskId}`);\r\n if (iteration) console.log(`[cfn-spawn] Iteration: ${iteration}`);\r\n if (context) console.log(`[cfn-spawn] Context: ${context}`);\r\n if (mode) console.log(`[cfn-spawn] Mode: ${mode}`);\r\n\r\n // Build command arguments for npx claude-flow-novice agent\r\n const claudeArgs = ['claude-flow-novice', 'agent', agentType];\r\n\r\n // Add optional parameters\r\n if (agentId) {\r\n claudeArgs.push('--agent-id', agentId);\r\n }\r\n if (taskId) {\r\n claudeArgs.push('--task-id', taskId);\r\n }\r\n if (iteration) {\r\n claudeArgs.push('--iteration', iteration.toString());\r\n }\r\n if (context) {\r\n claudeArgs.push('--context', context);\r\n }\r\n if (mode) {\r\n claudeArgs.push('--mode', mode);\r\n }\r\n if (priority) {\r\n claudeArgs.push('--priority', priority.toString());\r\n }\r\n if (parentTaskId) {\r\n claudeArgs.push('--parent-task-id', parentTaskId);\r\n }\r\n\r\n // Fetch epic context from Redis if available\r\n let epicContext = '';\r\n let phaseContext = '';\r\n let successCriteria = '';\r\n\r\n if (taskId) {\r\n try {\r\n const { execSync } = await import('child_process');\r\n\r\n // Bug #6 Fix: Read Redis connection parameters from process.env and interpolate in TypeScript\r\n const redisHost = process.env.CFN_REDIS_HOST \|\| 'cfn-redis';\r\n const redisPort = process.env.CFN_REDIS_PORT \|\| '6379';\r\n\r\n // Try to read epic-level context from Redis\r\n try {\r\n epicContext = execSync(`redis-cli -h ${redisHost} -p ${redisPort} get \"swarm:${taskId}:epic-context\"`, { encoding: 'utf8' }).trim();\r\n if (epicContext === '(nil)') epicContext = '';\r\n } catch (e) {\r\n // Redis not available or key doesn't exist\r\n }\r\n\r\n // Try to read phase-specific context\r\n try {\r\n phaseContext = execSync(`redis-cli -h ${redisHost} -p ${redisPort} get \"swarm:${taskId}:phase-context\"`, { encoding: 'utf8' }).trim();\r\n if (phaseContext === '(nil)') phaseContext = '';\r\n } catch (e) {\r\n // Redis not available or key doesn't exist\r\n }\r\n\r\n // Try to read success criteria\r\n try {\r\n successCriteria = execSync(`redis-cli -h ${redisHost} -p ${redisPort} get \"swarm:${taskId}:success-criteria\"`, { encoding: 'utf8' }).trim();\r\n if (successCriteria === '(nil)') successCriteria = '';\r\n } catch (e) {\r\n // Redis not available or key doesn't exist\r\n }\r\n\r\n if (epicContext) {\r\n console.log(`[cfn-spawn] Epic context loaded from Redis`);\r\n }\r\n } catch (err) {\r\n console.warn(`[cfn-spawn] Could not load epic context from Redis:`, err);\r\n }\r\n }\r\n\r\n // Add environment variables for agent context - WHITELIST ONLY APPROACH\r\n // SECURITY FIX: Do not use ...process.env spread which exposes ALL variables including secrets\r\n // Instead, explicitly whitelist safe variables to pass to spawned process\r\n const safeEnvVars = [\r\n 'CFN_REDIS_HOST',\r\n 'CFN_REDIS_PORT',\r\n 'CFN_REDIS_URL',\r\n 'CFN_MEMORY_BUDGET',\r\n 'CFN_API_HOST',\r\n 'CFN_API_PORT',\r\n 'CFN_LOG_LEVEL',\r\n 'CFN_LOG_FORMAT',\r\n 'CFN_CONTAINER_MODE',\r\n 'CFN_DOCKER_SOCKET',\r\n 'CFN_NETWORK_NAME',\r\n 'CFN_CUSTOM_ROUTING',\r\n 'CFN_DEFAULT_PROVIDER',\r\n 'NODE_ENV',\r\n 'PATH',\r\n 'HOME'\r\n ];\r\n\r\n // Build whitelist-only env object\r\n const env: Record<string, string> = {};\r\n\r\n // Add whitelisted CFN variables\r\n for (const key of safeEnvVars) {\r\n const value = process.env[key];\r\n if (value !== undefined) {\r\n env[key] = value;\r\n }\r\n }\r\n\r\n // Add API key only when explicitly needed (with strict validation)\r\n if (process.env.ANTHROPIC_API_KEY) {\r\n // Validate format: should start with \"sk-\" or \"sk-ant-\"\r\n if (process.env.ANTHROPIC_API_KEY.match(/^sk-[a-zA-Z0-9-]+$/)) {\r\n env.ANTHROPIC_API_KEY = process.env.ANTHROPIC_API_KEY;\r\n } else {\r\n console.warn('[cfn-spawn] Warning: ANTHROPIC_API_KEY format invalid, not passing to agent');\r\n }\r\n }\r\n\r\n // Add task and execution context variables\r\n env.AGENT_TYPE = agentType;\r\n env.TASK_ID = taskId \|\| '';\r\n env.ITERATION = iteration?.toString() \|\| '1';\r\n env.CONTEXT = context \|\| '';\r\n env.MODE = mode \|\| 'cli';\r\n env.PRIORITY = priority?.toString() \|\| '5';\r\n env.PARENT_TASK_ID = parentTaskId \|\| '';\r\n\r\n // Epic-level context from Redis (sanitized)\r\n env.EPIC_CONTEXT = epicContext;\r\n env.PHASE_CONTEXT = phaseContext;\r\n env.SUCCESS_CRITERIA = successCriteria;\r\n\r\n console.log(`[cfn-spawn] Executing: npx ${claudeArgs.join(' ')}`);\r\n\r\n // Spawn the claude-flow-novice agent process\r\n const agentProcess = spawn('npx', claudeArgs, {\r\n stdio: 'inherit',\r\n env,\r\n cwd: process.cwd()\r\n });\r\n\r\n // Handle process exit\r\n agentProcess.on('exit', (code, signal) => {\r\n if (code === 0) {\r\n console.log(`[cfn-spawn] Agent ${agentType} completed successfully`);\r\n } else {\r\n console.error(`[cfn-spawn] Agent ${agentType} exited with code ${code}, signal ${signal}`);\r\n }\r\n process.exit(code \|\| 0);\r\n });\r\n\r\n // Handle process errors\r\n agentProcess.on('error', (err) => {\r\n console.error(`[cfn-spawn] Failed to spawn agent ${agentType}:`, err.message);\r\n process.exit(1);\r\n });\r\n\r\n // Cleanup on parent exit\r\n process.on('SIGINT', () => {\r\n console.log('\\n[cfn-spawn] Received SIGINT, terminating agent...');\r\n agentProcess.kill('SIGINT');\r\n });\r\n\r\n process.on('SIGTERM', () => {\r\n console.log('\\n[cfn-spawn] Received SIGTERM, terminating agent...');\r\n agentProcess.kill('SIGTERM');\r\n });\r\n}\r\n\r\n/\r\n Build task description for the agent\r\n /\r\nfunction buildTaskDescription(\r\n agentType: string,\r\n taskId?: string,\r\n iteration?: number,\r\n context?: string\r\n): string {\r\n let desc = `Execute task as ${agentType} agent`;\r\n\r\n if (taskId) desc += ` for task ${taskId}`;\r\n if (iteration) desc += ` (iteration ${iteration})`;\r\n if (context) desc += `: ${context}`;\r\n\r\n return desc;\r\n}\r\n\r\n/\r\n Main CLI entry point\r\n */\r\nexport async function main(args: string[] = process.argv.slice(2)): Promise<void> {\r\n // Show help if requested\r\n if (args.includes('--help') \|\| args.includes('-h')) {\r\n console.log(`\r\ncfn-spawn - Claude Flow Novice Agent Spawner\r\n\r\nUsage:\r\n cfn-spawn agent <type> [options]\r\n cfn-spawn <type> [options] (agent is implied)\r\n\r\nOptions:\r\n --agent-id <id> Explicit agent identifier (overrides auto-generation)\r\n --task-id <id> Task identifier\r\n --iteration <n> Iteration number\r\n --context <text> Context description\r\n --mode <mode> Execution mode (cli, api, hybrid)\r\n --priority <1-10> Task priority\r\n --parent-task-id <id> Parent task identifier\r\n\r\nExamples:\r\n cfn-spawn agent researcher --task-id task-123 --iteration 1\r\n cfn-spawn coder --task-id auth-impl --context \"Implement JWT auth\"\r\n cfn-spawn reviewer --task-id auth-impl --iteration 2 --mode cli\r\n cfn-spawn tester --agent-id tester-1-1 --task-id test-phase --iteration 1\r\n `);\r\n return;\r\n }\r\n\r\n // Parse arguments\r\n const options = parseAgentArgs(args);\r\n if (!options) {\r\n process.exit(1);\r\n }\r\n\r\n // Spawn the agent\r\n await spawnAgent(options);\r\n}\r\n\r\n// Run if called directly\r\n// ES module check - compare import.meta.url with the executed file\r\nconst isMainModule = import.meta.url.endsWith(process.argv[1]?.replace(/\\\\/g, '/') \|\| '');\r\nif (isMainModule) {\r\n main().catch((err) => {\r\n console.error('[cfn-spawn] Fatal error:', err);\r\n process.exit(1);\r\n });\r\n}\r\n"],"names":["spawn","parseAgentArgs","args","agentType","optionArgs","slice","console","error","options","i","length","key","value","agentId","taskId","iteration","parseInt","context","mode","priority","parentTaskId","warn","spawnAgent","log","claudeArgs","push","toString","epicContext","phaseContext","successCriteria","execSync","redisHost","process","env","CFN_REDIS_HOST","redisPort","CFN_REDIS_PORT","encoding","trim","e","err","safeEnvVars","undefined","ANTHROPIC_API_KEY","match","AGENT_TYPE","TASK_ID","ITERATION","CONTEXT","MODE","PRIORITY","PARENT_TASK_ID","EPIC_CONTEXT","PHASE_CONTEXT","SUCCESS_CRITERIA","join","agentProcess","stdio","cwd","on","code","signal","exit","message","kill","buildTaskDescription","desc","main","argv","includes","isMainModule","url","endsWith","replace","catch"],"mappings":";AACA;;;;;;;;;;CAUC,GAED,SAASA,KAAK,QAAQ,gBAAgB;AActC;;CAEC,GACD,SAASC,eAAeC,IAAc;IACpC,mDAAmD;IACnD,IAAIC;IACJ,IAAIC;IAEJ,IAAIF,IAAI,CAAC,EAAE,KAAK,SAAS;QACvBC,YAAYD,IAAI,CAAC,EAAE;QACnBE,aAAaF,KAAKG,KAAK,CAAC;IAC1B,OAAO;QACLF,YAAYD,IAAI,CAAC,EAAE;QACnBE,aAAaF,KAAKG,KAAK,CAAC;IAC1B;IAEA,IAAI,CAACF,WAAW;QACdG,QAAQC,KAAK,CAAC;QACdD,QAAQC,KAAK,CAAC;QACd,OAAO;IACT;IAEA,MAAMC,UAA6B;QAAEL;IAAU;IAE/C,4BAA4B;IAC5B,IAAK,IAAIM,IAAI,GAAGA,IAAIL,WAAWM,MAAM,EAAED,KAAK,EAAG;QAC7C,MAAME,MAAMP,UAAU,CAACK,EAAE;QACzB,MAAMG,QAAQR,UAAU,CAACK,IAAI,EAAE;QAE/B,OAAQE;YACN,KAAK;gBACHH,QAAQK,OAAO,GAAGD;gBAClB;YACF,KAAK;gBACHJ,QAAQM,MAAM,GAAGF;gBACjB;YACF,KAAK;gBACHJ,QAAQO,SAAS,GAAGC,SAASJ,OAAO;gBACpC;YACF,KAAK;gBACHJ,QAAQS,OAAO,GAAGL;gBAClB;YACF,KAAK;gBACHJ,QAAQU,IAAI,GAAGN;gBACf;YACF,KAAK;gBACHJ,QAAQW,QAAQ,GAAGH,SAASJ,OAAO;gBACnC;YACF,KAAK;YACL,KAAK;gBACHJ,QAAQY,YAAY,GAAGR;gBACvB;YACF;gBACEN,QAAQe,IAAI,CAAC,CAAC,gBAAgB,EAAEV,KAAK;QACzC;IACF;IAEA,OAAOH;AACT;AAEA;;;;;CAKC,GACD,eAAec,WAAWd,OAA0B;IAClD,MAAM,EAAEL,SAAS,EAAEU,OAAO,EAAEC,MAAM,EAAEC,SAAS,EAAEE,OAAO,EAAEC,IAAI,EAAEC,QAAQ,EAAEC,YAAY,EAAE,GAAGZ;IAEzFF,QAAQiB,GAAG,CAAC,CAAC,4BAA4B,EAAEpB,WAAW;IACtD,IAAIU,SAASP,QAAQiB,GAAG,CAAC,CAAC,wBAAwB,EAAEV,SAAS;IAC7D,IAAIC,QAAQR,QAAQiB,GAAG,CAAC,CAAC,uBAAuB,EAAET,QAAQ;IAC1D,IAAIC,WAAWT,QAAQiB,GAAG,CAAC,CAAC,yBAAyB,EAAER,WAAW;IAClE,IAAIE,SAASX,QAAQiB,GAAG,CAAC,CAAC,uBAAuB,EAAEN,SAAS;IAC5D,IAAIC,MAAMZ,QAAQiB,GAAG,CAAC,CAAC,oBAAoB,EAAEL,MAAM;IAEnD,2DAA2D;IAC3D,MAAMM,aAAa;QAAC;QAAsB;QAASrB;KAAU;IAE7D,0BAA0B;IAC1B,IAAIU,SAAS;QACXW,WAAWC,IAAI,CAAC,cAAcZ;IAChC;IACA,IAAIC,QAAQ;QACVU,WAAWC,IAAI,CAAC,aAAaX;IAC/B;IACA,IAAIC,WAAW;QACbS,WAAWC,IAAI,CAAC,eAAeV,UAAUW,QAAQ;IACnD;IACA,IAAIT,SAAS;QACXO,WAAWC,IAAI,CAAC,aAAaR;IAC/B;IACA,IAAIC,MAAM;QACRM,WAAWC,IAAI,CAAC,UAAUP;IAC5B;IACA,IAAIC,UAAU;QACZK,WAAWC,IAAI,CAAC,cAAcN,SAASO,QAAQ;IACjD;IACA,IAAIN,cAAc;QAChBI,WAAWC,IAAI,CAAC,oBAAoBL;IACtC;IAEA,6CAA6C;IAC7C,IAAIO,cAAc;IAClB,IAAIC,eAAe;IACnB,IAAIC,kBAAkB;IAEtB,IAAIf,QAAQ;QACV,IAAI;YACF,MAAM,EAAEgB,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC;YAElC,8FAA8F;YAC9F,MAAMC,YAAYC,QAAQC,GAAG,CAACC,cAAc,IAAI;YAChD,MAAMC,YAAYH,QAAQC,GAAG,CAACG,cAAc,IAAI;YAEhD,4CAA4C;YAC5C,IAAI;gBACFT,cAAcG,SAAS,CAAC,aAAa,EAAEC,UAAU,IAAI,EAAEI,UAAU,YAAY,EAAErB,OAAO,cAAc,CAAC,EAAE;oBAAEuB,UAAU;gBAAO,GAAGC,IAAI;gBACjI,IAAIX,gBAAgB,SAASA,cAAc;YAC7C,EAAE,OAAOY,GAAG;YACV,2CAA2C;YAC7C;YAEA,qCAAqC;YACrC,IAAI;gBACFX,eAAeE,SAAS,CAAC,aAAa,EAAEC,UAAU,IAAI,EAAEI,UAAU,YAAY,EAAErB,OAAO,eAAe,CAAC,EAAE;oBAAEuB,UAAU;gBAAO,GAAGC,IAAI;gBACnI,IAAIV,iBAAiB,SAASA,eAAe;YAC/C,EAAE,OAAOW,GAAG;YACV,2CAA2C;YAC7C;YAEA,+BAA+B;YAC/B,IAAI;gBACFV,kBAAkBC,SAAS,CAAC,aAAa,EAAEC,UAAU,IAAI,EAAEI,UAAU,YAAY,EAAErB,OAAO,kBAAkB,CAAC,EAAE;oBAAEuB,UAAU;gBAAO,GAAGC,IAAI;gBACzI,IAAIT,oBAAoB,SAASA,kBAAkB;YACrD,EAAE,OAAOU,GAAG;YACV,2CAA2C;YAC7C;YAEA,IAAIZ,aAAa;gBACfrB,QAAQiB,GAAG,CAAC,CAAC,4CAA4C,CAAC;YAC5D;QACF,EAAE,OAAOiB,KAAK;YACZlC,QAAQe,IAAI,CAAC,CAAC,qDAAqD,CAAC,EAAEmB;QACxE;IACF;IAEA,wEAAwE;IACxE,+FAA+F;IAC/F,0EAA0E;IAC1E,MAAMC,cAAc;QAClB;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACA;KACD;IAED,kCAAkC;IAClC,MAAMR,MAA8B,CAAC;IAErC,gCAAgC;IAChC,KAAK,MAAMtB,OAAO8B,YAAa;QAC7B,MAAM7B,QAAQoB,QAAQC,GAAG,CAACtB,IAAI;QAC9B,IAAIC,UAAU8B,WAAW;YACvBT,GAAG,CAACtB,IAAI,GAAGC;QACb;IACF;IAEA,mEAAmE;IACnE,IAAIoB,QAAQC,GAAG,CAACU,iBAAiB,EAAE;QACjC,wDAAwD;QACxD,IAAIX,QAAQC,GAAG,CAACU,iBAAiB,CAACC,KAAK,CAAC,uBAAuB;YAC7DX,IAAIU,iBAAiB,GAAGX,QAAQC,GAAG,CAACU,iBAAiB;QACvD,OAAO;YACLrC,QAAQe,IAAI,CAAC;QACf;IACF;IAEA,2CAA2C;IAC3CY,IAAIY,UAAU,GAAG1C;IACjB8B,IAAIa,OAAO,GAAGhC,UAAU;IACxBmB,IAAIc,SAAS,GAAGhC,WAAWW,cAAc;IACzCO,IAAIe,OAAO,GAAG/B,WAAW;IACzBgB,IAAIgB,IAAI,GAAG/B,QAAQ;IACnBe,IAAIiB,QAAQ,GAAG/B,UAAUO,cAAc;IACvCO,IAAIkB,cAAc,GAAG/B,gBAAgB;IAErC,4CAA4C;IAC5Ca,IAAImB,YAAY,GAAGzB;IACnBM,IAAIoB,aAAa,GAAGzB;IACpBK,IAAIqB,gBAAgB,GAAGzB;IAEvBvB,QAAQiB,GAAG,CAAC,CAAC,2BAA2B,EAAEC,WAAW+B,IAAI,CAAC,MAAM;IAEhE,6CAA6C;IAC7C,MAAMC,eAAexD,MAAM,OAAOwB,YAAY;QAC5CiC,OAAO;QACPxB;QACAyB,KAAK1B,QAAQ0B,GAAG;IAClB;IAEA,sBAAsB;IACtBF,aAAaG,EAAE,CAAC,QAAQ,CAACC,MAAMC;QAC7B,IAAID,SAAS,GAAG;YACdtD,QAAQiB,GAAG,CAAC,CAAC,kBAAkB,EAAEpB,UAAU,uBAAuB,CAAC;QACrE,OAAO;YACLG,QAAQC,KAAK,CAAC,CAAC,kBAAkB,EAAEJ,UAAU,kBAAkB,EAAEyD,KAAK,SAAS,EAAEC,QAAQ;QAC3F;QACA7B,QAAQ8B,IAAI,CAACF,QAAQ;IACvB;IAEA,wBAAwB;IACxBJ,aAAaG,EAAE,CAAC,SAAS,CAACnB;QACxBlC,QAAQC,KAAK,CAAC,CAAC,kCAAkC,EAAEJ,UAAU,CAAC,CAAC,EAAEqC,IAAIuB,OAAO;QAC5E/B,QAAQ8B,IAAI,CAAC;IACf;IAEA,yBAAyB;IACzB9B,QAAQ2B,EAAE,CAAC,UAAU;QACnBrD,QAAQiB,GAAG,CAAC;QACZiC,aAAaQ,IAAI,CAAC;IACpB;IAEAhC,QAAQ2B,EAAE,CAAC,WAAW;QACpBrD,QAAQiB,GAAG,CAAC;QACZiC,aAAaQ,IAAI,CAAC;IACpB;AACF;AAEA;;CAEC,GACD,SAASC,qBACP9D,SAAiB,EACjBW,MAAe,EACfC,SAAkB,EAClBE,OAAgB;IAEhB,IAAIiD,OAAO,CAAC,gBAAgB,EAAE/D,UAAU,MAAM,CAAC;IAE/C,IAAIW,QAAQoD,QAAQ,CAAC,UAAU,EAAEpD,QAAQ;IACzC,IAAIC,WAAWmD,QAAQ,CAAC,YAAY,EAAEnD,UAAU,CAAC,CAAC;IAClD,IAAIE,SAASiD,QAAQ,CAAC,EAAE,EAAEjD,SAAS;IAEnC,OAAOiD;AACT;AAEA;;CAEC,GACD,OAAO,eAAeC,KAAKjE,OAAiB8B,QAAQoC,IAAI,CAAC/D,KAAK,CAAC,EAAE;IAC/D,yBAAyB;IACzB,IAAIH,KAAKmE,QAAQ,CAAC,aAAanE,KAAKmE,QAAQ,CAAC,OAAO;QAClD/D,QAAQiB,GAAG,CAAC,CAAC;;;;;;;;;;;;;;;;;;;;;IAqBb,CAAC;QACD;IACF;IAEA,kBAAkB;IAClB,MAAMf,UAAUP,eAAeC;IAC/B,IAAI,CAACM,SAAS;QACZwB,QAAQ8B,IAAI,CAAC;IACf;IAEA,kBAAkB;IAClB,MAAMxC,WAAWd;AACnB;AAEA,yBAAyB;AACzB,mEAAmE;AACnE,MAAM8D,eAAe,YAAYC,GAAG,CAACC,QAAQ,CAACxC,QAAQoC,IAAI,CAAC,EAAE,EAAEK,QAAQ,OAAO,QAAQ;AACtF,IAAIH,cAAc;IAChBH,OAAOO,KAAK,CAAC,CAAClC;QACZlC,QAAQC,KAAK,CAAC,4BAA4BiC;QAC1CR,QAAQ8B,IAAI,CAAC;IACf;AACF"}
1	+ {"version":3,"sources":["../../src/cli/agent-spawn.ts"],"sourcesContent":["#!/usr/bin/env node\r\n/*\r\n Agent Spawning CLI - Direct agent process spawning\r\n \r\n Usage:\r\n * npx cfn-spawn agent <type> [options]\r\n * npx cfn-spawn <type> [options] (agent is implied)\r\n \r\n Examples:\r\n * npx cfn-spawn agent researcher --task-id task-123 --iteration 1\r\n * npx cfn-spawn researcher --task-id task-123 --iteration 1\r\n /\r\n\r\nimport { spawn, execFileSync } from 'child_process';\r\nimport { resolve } from 'path';\r\n\r\ninterface AgentSpawnOptions {\r\n agentType: string;\r\n agentId?: string;\r\n taskId?: string;\r\n iteration?: number;\r\n context?: string;\r\n mode?: string;\r\n priority?: number;\r\n parentTaskId?: string;\r\n}\r\n\r\n/\r\n SECURITY: Parameter validation to prevent command injection (CVSS 8.9)\r\n * Validates all parameters that will be passed to execFileSync()\r\n /\r\n\r\n/\r\n Validates taskId format to prevent command injection attacks\r\n * Pattern: alphanumeric, underscore, hyphen only, 1-64 chars\r\n /\r\nfunction validateTaskId(taskId: string): { valid: boolean; error?: string } {\r\n if (typeof taskId !== 'string' \|\| taskId.length === 0) {\r\n return { valid: false, error: 'Task ID must be a non-empty string' };\r\n }\r\n\r\n const taskIdPattern = /^[a-zA-Z0-9_-]{1,64}$/;\r\n if (!taskIdPattern.test(taskId)) {\r\n return {\r\n valid: false,\r\n error: 'Invalid task ID format - must contain only alphanumeric characters, underscores, and hyphens (max 64 chars)'\r\n };\r\n }\r\n return { valid: true };\r\n}\r\n\r\n/\r\n Validates Redis host to prevent command injection\r\n * Allows: hostnames, domain names, localhost, IPv4, IPv6 (::1)\r\n /\r\nfunction validateRedisHost(host: string): { valid: boolean; error?: string } {\r\n if (typeof host !== 'string' \|\| host.length === 0) {\r\n return { valid: false, error: 'Redis host must be a non-empty string' };\r\n }\r\n\r\n // Pattern: alphanumeric, hyphens, dots (for domains), plus special IPv6 loopback\r\n const hostPattern = /^[a-zA-Z0-9.-]+$\|^::1$/;\r\n if (!hostPattern.test(host)) {\r\n return { valid: false, error: 'Invalid Redis host format' };\r\n }\r\n return { valid: true };\r\n}\r\n\r\n/\r\n Validates Redis port to prevent command injection\r\n * Range: 1-65535\r\n /\r\nfunction validateRedisPort(port: string): { valid: boolean; error?: string } {\r\n if (typeof port !== 'string' \|\| port.length === 0) {\r\n return { valid: false, error: 'Redis port must be a non-empty string' };\r\n }\r\n\r\n const portNum = parseInt(port, 10);\r\n if (isNaN(portNum) \|\| portNum < 1 \|\| portNum > 65535) {\r\n return { valid: false, error: 'Invalid Redis port - must be between 1 and 65535' };\r\n }\r\n return { valid: true };\r\n}\r\n\r\n/\r\n Safely retrieves context from Redis using execFileSync()\r\n * Prevents command injection by using array-based arguments instead of template literals\r\n /\r\nfunction getRedisContextSafely(\r\n taskId: string,\r\n redisHost: string,\r\n redisPort: string,\r\n contextKey: string\r\n): string {\r\n try {\r\n // Validate all parameters BEFORE executing\r\n const taskIdValidation = validateTaskId(taskId);\r\n if (!taskIdValidation.valid) {\r\n console.warn(`[cfn-spawn] Invalid task ID: ${taskIdValidation.error}`);\r\n return '';\r\n }\r\n\r\n const hostValidation = validateRedisHost(redisHost);\r\n if (!hostValidation.valid) {\r\n console.warn(`[cfn-spawn] Invalid Redis host: ${hostValidation.error}`);\r\n return '';\r\n }\r\n\r\n const portValidation = validateRedisPort(redisPort);\r\n if (!portValidation.valid) {\r\n console.warn(`[cfn-spawn] Invalid Redis port: ${portValidation.error}`);\r\n return '';\r\n }\r\n\r\n // All parameters validated - now execute safely with execFileSync()\r\n // Using array arguments prevents shell interpolation of metacharacters\r\n const redisKey = `swarm:${taskId}:${contextKey}`;\r\n const result = execFileSync('redis-cli', [\r\n '-h', redisHost,\r\n '-p', redisPort,\r\n 'get',\r\n redisKey\r\n ], { encoding: 'utf8' });\r\n\r\n const trimmed = result.trim();\r\n return trimmed === '(nil)' ? '' : trimmed;\r\n } catch (e) {\r\n // Redis not available or key doesn't exist - fail silently\r\n return '';\r\n }\r\n}\r\n\r\n/\r\n Parse command line arguments for agent spawning\r\n /\r\nexport function parseAgentArgs(args: string[]): AgentSpawnOptions \| null {\r\n // Handle both \"agent <type>\" and \"<type>\" patterns\r\n let agentType: string;\r\n let optionArgs: string[];\r\n\r\n if (args[0] === 'agent') {\r\n agentType = args[1];\r\n optionArgs = args.slice(2);\r\n } else {\r\n agentType = args[0];\r\n optionArgs = args.slice(1);\r\n }\r\n\r\n // Validate agent type exists and is not a flag\r\n if (!agentType \|\| agentType.startsWith('--')) {\r\n console.error('Error: Agent type is required');\r\n console.error('Usage: cfn-spawn agent <type> [options]');\r\n return null;\r\n }\r\n\r\n const options: AgentSpawnOptions = { agentType };\r\n\r\n // Parse optional parameters\r\n for (let i = 0; i < optionArgs.length; i += 2) {\r\n const key = optionArgs[i];\r\n const value = optionArgs[i + 1];\r\n\r\n switch (key) {\r\n case '--agent-id':\r\n options.agentId = value;\r\n break;\r\n case '--task-id':\r\n options.taskId = value;\r\n break;\r\n case '--iteration':\r\n options.iteration = parseInt(value, 10);\r\n break;\r\n case '--context':\r\n options.context = value;\r\n break;\r\n case '--mode':\r\n options.mode = value;\r\n break;\r\n case '--priority':\r\n options.priority = parseInt(value, 10);\r\n break;\r\n case '--parent-task':\r\n case '--parent-task-id':\r\n options.parentTaskId = value;\r\n break;\r\n default:\r\n console.warn(`Unknown option: ${key}`);\r\n }\r\n }\r\n\r\n return options;\r\n}\r\n\r\n/\r\n Spawn an agent process using npx claude-flow-novice agent\r\n \r\n This is a wrapper/alias for the existing claude-flow-novice agent spawning mechanism\r\n * Provides the cfn-spawn naming pattern while delegating to the working implementation\r\n /\r\nexport async function spawnAgent(options: AgentSpawnOptions): Promise<void> {\r\n const { agentType, agentId, taskId, iteration, context, mode, priority, parentTaskId } = options;\r\n\r\n console.log(`[cfn-spawn] Spawning agent: ${agentType}`);\r\n if (agentId) console.log(`[cfn-spawn] Agent ID: ${agentId}`);\r\n if (taskId) console.log(`[cfn-spawn] Task ID: ${taskId}`);\r\n if (iteration) console.log(`[cfn-spawn] Iteration: ${iteration}`);\r\n if (context) console.log(`[cfn-spawn] Context: ${context}`);\r\n if (mode) console.log(`[cfn-spawn] Mode: ${mode}`);\r\n\r\n // Build command arguments for npx claude-flow-novice agent\r\n const claudeArgs = ['claude-flow-novice', 'agent', agentType];\r\n\r\n // Add optional parameters\r\n if (agentId) {\r\n claudeArgs.push('--agent-id', agentId);\r\n }\r\n if (taskId) {\r\n claudeArgs.push('--task-id', taskId);\r\n }\r\n if (iteration) {\r\n claudeArgs.push('--iteration', iteration.toString());\r\n }\r\n if (context) {\r\n claudeArgs.push('--context', context);\r\n }\r\n if (mode) {\r\n claudeArgs.push('--mode', mode);\r\n }\r\n if (priority) {\r\n claudeArgs.push('--priority', priority.toString());\r\n }\r\n if (parentTaskId) {\r\n claudeArgs.push('--parent-task-id', parentTaskId);\r\n }\r\n\r\n // Fetch epic context from Redis if available\r\n let epicContext = '';\r\n let phaseContext = '';\r\n let successCriteria = '';\r\n\r\n if (taskId) {\r\n // SECURITY FIX (CVSS 8.9): Use safe parameter validation and execFileSync()\r\n // Prevent command injection by validating all parameters BEFORE execution\r\n const redisHost = process.env.CFN_REDIS_HOST \|\| 'cfn-redis';\r\n const redisPort = process.env.CFN_REDIS_PORT \|\| '6379';\r\n\r\n // Validate Redis connection parameters\r\n const hostValidation = validateRedisHost(redisHost);\r\n const portValidation = validateRedisPort(redisPort);\r\n\r\n if (hostValidation.valid && portValidation.valid) {\r\n // Try to read epic-level context from Redis\r\n epicContext = getRedisContextSafely(taskId, redisHost, redisPort, 'epic-context');\r\n\r\n // Try to read phase-specific context\r\n phaseContext = getRedisContextSafely(taskId, redisHost, redisPort, 'phase-context');\r\n\r\n // Try to read success criteria\r\n successCriteria = getRedisContextSafely(taskId, redisHost, redisPort, 'success-criteria');\r\n\r\n if (epicContext) {\r\n console.log(`[cfn-spawn] Epic context loaded from Redis`);\r\n }\r\n } else {\r\n console.warn(`[cfn-spawn] Invalid Redis configuration - skipping context load`);\r\n if (!hostValidation.valid) console.warn(`[cfn-spawn] ${hostValidation.error}`);\r\n if (!portValidation.valid) console.warn(`[cfn-spawn] ${portValidation.error}`);\r\n }\r\n }\r\n\r\n // Add environment variables for agent context - WHITELIST ONLY APPROACH\r\n // SECURITY FIX: Do not use ...process.env spread which exposes ALL variables including secrets\r\n // Instead, explicitly whitelist safe variables to pass to spawned process\r\n const safeEnvVars = [\r\n 'CFN_REDIS_HOST',\r\n 'CFN_REDIS_PORT',\r\n 'CFN_REDIS_URL',\r\n 'CFN_MEMORY_BUDGET',\r\n 'CFN_API_HOST',\r\n 'CFN_API_PORT',\r\n 'CFN_LOG_LEVEL',\r\n 'CFN_LOG_FORMAT',\r\n 'CFN_CONTAINER_MODE',\r\n 'CFN_DOCKER_SOCKET',\r\n 'CFN_NETWORK_NAME',\r\n 'CFN_CUSTOM_ROUTING',\r\n 'CFN_DEFAULT_PROVIDER',\r\n 'NODE_ENV',\r\n 'PATH',\r\n 'HOME'\r\n ];\r\n\r\n // Build whitelist-only env object\r\n const env: Record<string, string> = {};\r\n\r\n // Add whitelisted CFN variables\r\n for (const key of safeEnvVars) {\r\n const value = process.env[key];\r\n if (value !== undefined) {\r\n env[key] = value;\r\n }\r\n }\r\n\r\n // Add API key only when explicitly needed (with strict validation)\r\n if (process.env.ANTHROPIC_API_KEY) {\r\n // Validate format: should start with \"sk-\" or \"sk-ant-\"\r\n if (process.env.ANTHROPIC_API_KEY.match(/^sk-[a-zA-Z0-9-]+$/)) {\r\n env.ANTHROPIC_API_KEY = process.env.ANTHROPIC_API_KEY;\r\n } else {\r\n console.warn('[cfn-spawn] Warning: ANTHROPIC_API_KEY format invalid, not passing to agent');\r\n }\r\n }\r\n\r\n // Add task and execution context variables\r\n env.AGENT_TYPE = agentType;\r\n env.TASK_ID = taskId \|\| '';\r\n env.ITERATION = iteration?.toString() \|\| '1';\r\n env.CONTEXT = context \|\| '';\r\n env.MODE = mode \|\| 'cli';\r\n env.PRIORITY = priority?.toString() \|\| '5';\r\n env.PARENT_TASK_ID = parentTaskId \|\| '';\r\n\r\n // Epic-level context from Redis (sanitized)\r\n env.EPIC_CONTEXT = epicContext;\r\n env.PHASE_CONTEXT = phaseContext;\r\n env.SUCCESS_CRITERIA = successCriteria;\r\n\r\n console.log(`[cfn-spawn] Executing: npx ${claudeArgs.join(' ')}`);\r\n\r\n // Spawn the claude-flow-novice agent process\r\n const agentProcess = spawn('npx', claudeArgs, {\r\n stdio: 'inherit',\r\n env,\r\n cwd: process.cwd()\r\n });\r\n\r\n // Handle process exit\r\n agentProcess.on('exit', (code, signal) => {\r\n if (code === 0) {\r\n console.log(`[cfn-spawn] Agent ${agentType} completed successfully`);\r\n } else {\r\n console.error(`[cfn-spawn] Agent ${agentType} exited with code ${code}, signal ${signal}`);\r\n }\r\n process.exit(code \|\| 0);\r\n });\r\n\r\n // Handle process errors\r\n agentProcess.on('error', (err) => {\r\n console.error(`[cfn-spawn] Failed to spawn agent ${agentType}:`, err.message);\r\n process.exit(1);\r\n });\r\n\r\n // Cleanup on parent exit\r\n process.on('SIGINT', () => {\r\n console.log('\\n[cfn-spawn] Received SIGINT, terminating agent...');\r\n agentProcess.kill('SIGINT');\r\n });\r\n\r\n process.on('SIGTERM', () => {\r\n console.log('\\n[cfn-spawn] Received SIGTERM, terminating agent...');\r\n agentProcess.kill('SIGTERM');\r\n });\r\n}\r\n\r\n/\r\n Build task description for the agent\r\n /\r\nexport function buildTaskDescription(\r\n agentType: string,\r\n taskId?: string,\r\n iteration?: number,\r\n context?: string\r\n): string {\r\n let desc = `Execute task as ${agentType} agent`;\r\n\r\n if (taskId) desc += ` for task ${taskId}`;\r\n if (iteration !== undefined) desc += ` (iteration ${iteration})`;\r\n if (context) desc += `: ${context}`;\r\n\r\n return desc;\r\n}\r\n\r\n/\r\n Main CLI entry point\r\n */\r\nexport async function main(args: string[] = process.argv.slice(2)): Promise<void> {\r\n // Show help if requested\r\n if (args.includes('--help') \|\| args.includes('-h')) {\r\n console.log(`\r\ncfn-spawn - Claude Flow Novice Agent Spawner\r\n\r\nUsage:\r\n cfn-spawn agent <type> [options]\r\n cfn-spawn <type> [options] (agent is implied)\r\n\r\nOptions:\r\n --agent-id <id> Explicit agent identifier (overrides auto-generation)\r\n --task-id <id> Task identifier\r\n --iteration <n> Iteration number\r\n --context <text> Context description\r\n --mode <mode> Execution mode (cli, api, hybrid)\r\n --priority <1-10> Task priority\r\n --parent-task-id <id> Parent task identifier\r\n\r\nExamples:\r\n cfn-spawn agent researcher --task-id task-123 --iteration 1\r\n cfn-spawn coder --task-id auth-impl --context \"Implement JWT auth\"\r\n cfn-spawn reviewer --task-id auth-impl --iteration 2 --mode cli\r\n cfn-spawn tester --agent-id tester-1-1 --task-id test-phase --iteration 1\r\n `);\r\n return;\r\n }\r\n\r\n // Parse arguments\r\n const options = parseAgentArgs(args);\r\n if (!options) {\r\n process.exit(1);\r\n }\r\n\r\n // Spawn the agent\r\n await spawnAgent(options);\r\n}\r\n\r\n// Run if called directly\r\n// ES module check - compare import.meta.url with the executed file\r\nconst isMainModule = import.meta.url.endsWith(process.argv[1]?.replace(/\\\\/g, '/') \|\| '');\r\nif (isMainModule) {\r\n main().catch((err) => {\r\n console.error('[cfn-spawn] Fatal error:', err);\r\n process.exit(1);\r\n });\r\n}\r\n"],"names":["spawn","execFileSync","validateTaskId","taskId","length","valid","error","taskIdPattern","test","validateRedisHost","host","hostPattern","validateRedisPort","port","portNum","parseInt","isNaN","getRedisContextSafely","redisHost","redisPort","contextKey","taskIdValidation","console","warn","hostValidation","portValidation","redisKey","result","encoding","trimmed","trim","e","parseAgentArgs","args","agentType","optionArgs","slice","startsWith","options","i","key","value","agentId","iteration","context","mode","priority","parentTaskId","spawnAgent","log","claudeArgs","push","toString","epicContext","phaseContext","successCriteria","process","env","CFN_REDIS_HOST","CFN_REDIS_PORT","safeEnvVars","undefined","ANTHROPIC_API_KEY","match","AGENT_TYPE","TASK_ID","ITERATION","CONTEXT","MODE","PRIORITY","PARENT_TASK_ID","EPIC_CONTEXT","PHASE_CONTEXT","SUCCESS_CRITERIA","join","agentProcess","stdio","cwd","on","code","signal","exit","err","message","kill","buildTaskDescription","desc","main","argv","includes","isMainModule","url","endsWith","replace","catch"],"mappings":";AACA;;;;;;;;;;CAUC,GAED,SAASA,KAAK,EAAEC,YAAY,QAAQ,gBAAgB;AAcpD;;;CAGC,GAED;;;CAGC,GACD,SAASC,eAAeC,MAAc;IACpC,IAAI,OAAOA,WAAW,YAAYA,OAAOC,MAAM,KAAK,GAAG;QACrD,OAAO;YAAEC,OAAO;YAAOC,OAAO;QAAqC;IACrE;IAEA,MAAMC,gBAAgB;IACtB,IAAI,CAACA,cAAcC,IAAI,CAACL,SAAS;QAC/B,OAAO;YACLE,OAAO;YACPC,OAAO;QACT;IACF;IACA,OAAO;QAAED,OAAO;IAAK;AACvB;AAEA;;;CAGC,GACD,SAASI,kBAAkBC,IAAY;IACrC,IAAI,OAAOA,SAAS,YAAYA,KAAKN,MAAM,KAAK,GAAG;QACjD,OAAO;YAAEC,OAAO;YAAOC,OAAO;QAAwC;IACxE;IAEA,iFAAiF;IACjF,MAAMK,cAAc;IACpB,IAAI,CAACA,YAAYH,IAAI,CAACE,OAAO;QAC3B,OAAO;YAAEL,OAAO;YAAOC,OAAO;QAA4B;IAC5D;IACA,OAAO;QAAED,OAAO;IAAK;AACvB;AAEA;;;CAGC,GACD,SAASO,kBAAkBC,IAAY;IACrC,IAAI,OAAOA,SAAS,YAAYA,KAAKT,MAAM,KAAK,GAAG;QACjD,OAAO;YAAEC,OAAO;YAAOC,OAAO;QAAwC;IACxE;IAEA,MAAMQ,UAAUC,SAASF,MAAM;IAC/B,IAAIG,MAAMF,YAAYA,UAAU,KAAKA,UAAU,OAAO;QACpD,OAAO;YAAET,OAAO;YAAOC,OAAO;QAAmD;IACnF;IACA,OAAO;QAAED,OAAO;IAAK;AACvB;AAEA;;;CAGC,GACD,SAASY,sBACPd,MAAc,EACde,SAAiB,EACjBC,SAAiB,EACjBC,UAAkB;IAElB,IAAI;QACF,2CAA2C;QAC3C,MAAMC,mBAAmBnB,eAAeC;QACxC,IAAI,CAACkB,iBAAiBhB,KAAK,EAAE;YAC3BiB,QAAQC,IAAI,CAAC,CAAC,6BAA6B,EAAEF,iBAAiBf,KAAK,EAAE;YACrE,OAAO;QACT;QAEA,MAAMkB,iBAAiBf,kBAAkBS;QACzC,IAAI,CAACM,eAAenB,KAAK,EAAE;YACzBiB,QAAQC,IAAI,CAAC,CAAC,gCAAgC,EAAEC,eAAelB,KAAK,EAAE;YACtE,OAAO;QACT;QAEA,MAAMmB,iBAAiBb,kBAAkBO;QACzC,IAAI,CAACM,eAAepB,KAAK,EAAE;YACzBiB,QAAQC,IAAI,CAAC,CAAC,gCAAgC,EAAEE,eAAenB,KAAK,EAAE;YACtE,OAAO;QACT;QAEA,oEAAoE;QACpE,uEAAuE;QACvE,MAAMoB,WAAW,CAAC,MAAM,EAAEvB,OAAO,CAAC,EAAEiB,YAAY;QAChD,MAAMO,SAAS1B,aAAa,aAAa;YACvC;YAAMiB;YACN;YAAMC;YACN;YACAO;SACD,EAAE;YAAEE,UAAU;QAAO;QAEtB,MAAMC,UAAUF,OAAOG,IAAI;QAC3B,OAAOD,YAAY,UAAU,KAAKA;IACpC,EAAE,OAAOE,GAAG;QACV,2DAA2D;QAC3D,OAAO;IACT;AACF;AAEA;;CAEC,GACD,OAAO,SAASC,eAAeC,IAAc;IAC3C,mDAAmD;IACnD,IAAIC;IACJ,IAAIC;IAEJ,IAAIF,IAAI,CAAC,EAAE,KAAK,SAAS;QACvBC,YAAYD,IAAI,CAAC,EAAE;QACnBE,aAAaF,KAAKG,KAAK,CAAC;IAC1B,OAAO;QACLF,YAAYD,IAAI,CAAC,EAAE;QACnBE,aAAaF,KAAKG,KAAK,CAAC;IAC1B;IAEA,+CAA+C;IAC/C,IAAI,CAACF,aAAaA,UAAUG,UAAU,CAAC,OAAO;QAC5Cf,QAAQhB,KAAK,CAAC;QACdgB,QAAQhB,KAAK,CAAC;QACd,OAAO;IACT;IAEA,MAAMgC,UAA6B;QAAEJ;IAAU;IAE/C,4BAA4B;IAC5B,IAAK,IAAIK,IAAI,GAAGA,IAAIJ,WAAW/B,MAAM,EAAEmC,KAAK,EAAG;QAC7C,MAAMC,MAAML,UAAU,CAACI,EAAE;QACzB,MAAME,QAAQN,UAAU,CAACI,IAAI,EAAE;QAE/B,OAAQC;YACN,KAAK;gBACHF,QAAQI,OAAO,GAAGD;gBAClB;YACF,KAAK;gBACHH,QAAQnC,MAAM,GAAGsC;gBACjB;YACF,KAAK;gBACHH,QAAQK,SAAS,GAAG5B,SAAS0B,OAAO;gBACpC;YACF,KAAK;gBACHH,QAAQM,OAAO,GAAGH;gBAClB;YACF,KAAK;gBACHH,QAAQO,IAAI,GAAGJ;gBACf;YACF,KAAK;gBACHH,QAAQQ,QAAQ,GAAG/B,SAAS0B,OAAO;gBACnC;YACF,KAAK;YACL,KAAK;gBACHH,QAAQS,YAAY,GAAGN;gBACvB;YACF;gBACEnB,QAAQC,IAAI,CAAC,CAAC,gBAAgB,EAAEiB,KAAK;QACzC;IACF;IAEA,OAAOF;AACT;AAEA;;;;;CAKC,GACD,OAAO,eAAeU,WAAWV,OAA0B;IACzD,MAAM,EAAEJ,SAAS,EAAEQ,OAAO,EAAEvC,MAAM,EAAEwC,SAAS,EAAEC,OAAO,EAAEC,IAAI,EAAEC,QAAQ,EAAEC,YAAY,EAAE,GAAGT;IAEzFhB,QAAQ2B,GAAG,CAAC,CAAC,4BAA4B,EAAEf,WAAW;IACtD,IAAIQ,SAASpB,QAAQ2B,GAAG,CAAC,CAAC,wBAAwB,EAAEP,SAAS;IAC7D,IAAIvC,QAAQmB,QAAQ2B,GAAG,CAAC,CAAC,uBAAuB,EAAE9C,QAAQ;IAC1D,IAAIwC,WAAWrB,QAAQ2B,GAAG,CAAC,CAAC,yBAAyB,EAAEN,WAAW;IAClE,IAAIC,SAAStB,QAAQ2B,GAAG,CAAC,CAAC,uBAAuB,EAAEL,SAAS;IAC5D,IAAIC,MAAMvB,QAAQ2B,GAAG,CAAC,CAAC,oBAAoB,EAAEJ,MAAM;IAEnD,2DAA2D;IAC3D,MAAMK,aAAa;QAAC;QAAsB;QAAShB;KAAU;IAE7D,0BAA0B;IAC1B,IAAIQ,SAAS;QACXQ,WAAWC,IAAI,CAAC,cAAcT;IAChC;IACA,IAAIvC,QAAQ;QACV+C,WAAWC,IAAI,CAAC,aAAahD;IAC/B;IACA,IAAIwC,WAAW;QACbO,WAAWC,IAAI,CAAC,eAAeR,UAAUS,QAAQ;IACnD;IACA,IAAIR,SAAS;QACXM,WAAWC,IAAI,CAAC,aAAaP;IAC/B;IACA,IAAIC,MAAM;QACRK,WAAWC,IAAI,CAAC,UAAUN;IAC5B;IACA,IAAIC,UAAU;QACZI,WAAWC,IAAI,CAAC,cAAcL,SAASM,QAAQ;IACjD;IACA,IAAIL,cAAc;QAChBG,WAAWC,IAAI,CAAC,oBAAoBJ;IACtC;IAEA,6CAA6C;IAC7C,IAAIM,cAAc;IAClB,IAAIC,eAAe;IACnB,IAAIC,kBAAkB;IAEtB,IAAIpD,QAAQ;QACV,4EAA4E;QAC5E,0EAA0E;QAC1E,MAAMe,YAAYsC,QAAQC,GAAG,CAACC,cAAc,IAAI;QAChD,MAAMvC,YAAYqC,QAAQC,GAAG,CAACE,cAAc,IAAI;QAEhD,uCAAuC;QACvC,MAAMnC,iBAAiBf,kBAAkBS;QACzC,MAAMO,iBAAiBb,kBAAkBO;QAEzC,IAAIK,eAAenB,KAAK,IAAIoB,eAAepB,KAAK,EAAE;YAChD,4CAA4C;YAC5CgD,cAAcpC,sBAAsBd,QAAQe,WAAWC,WAAW;YAElE,qCAAqC;YACrCmC,eAAerC,sBAAsBd,QAAQe,WAAWC,WAAW;YAEnE,+BAA+B;YAC/BoC,kBAAkBtC,sBAAsBd,QAAQe,WAAWC,WAAW;YAEtE,IAAIkC,aAAa;gBACf/B,QAAQ2B,GAAG,CAAC,CAAC,4CAA4C,CAAC;YAC5D;QACF,OAAO;YACL3B,QAAQC,IAAI,CAAC,CAAC,iEAAiE,CAAC;YAChF,IAAI,CAACC,eAAenB,KAAK,EAAEiB,QAAQC,IAAI,CAAC,CAAC,cAAc,EAAEC,eAAelB,KAAK,EAAE;YAC/E,IAAI,CAACmB,eAAepB,KAAK,EAAEiB,QAAQC,IAAI,CAAC,CAAC,cAAc,EAAEE,eAAenB,KAAK,EAAE;QACjF;IACF;IAEA,wEAAwE;IACxE,+FAA+F;IAC/F,0EAA0E;IAC1E,MAAMsD,cAAc;QAClB;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACA;QACA;KACD;IAED,kCAAkC;IAClC,MAAMH,MAA8B,CAAC;IAErC,gCAAgC;IAChC,KAAK,MAAMjB,OAAOoB,YAAa;QAC7B,MAAMnB,QAAQe,QAAQC,GAAG,CAACjB,IAAI;QAC9B,IAAIC,UAAUoB,WAAW;YACvBJ,GAAG,CAACjB,IAAI,GAAGC;QACb;IACF;IAEA,mEAAmE;IACnE,IAAIe,QAAQC,GAAG,CAACK,iBAAiB,EAAE;QACjC,wDAAwD;QACxD,IAAIN,QAAQC,GAAG,CAACK,iBAAiB,CAACC,KAAK,CAAC,uBAAuB;YAC7DN,IAAIK,iBAAiB,GAAGN,QAAQC,GAAG,CAACK,iBAAiB;QACvD,OAAO;YACLxC,QAAQC,IAAI,CAAC;QACf;IACF;IAEA,2CAA2C;IAC3CkC,IAAIO,UAAU,GAAG9B;IACjBuB,IAAIQ,OAAO,GAAG9D,UAAU;IACxBsD,IAAIS,SAAS,GAAGvB,WAAWS,cAAc;IACzCK,IAAIU,OAAO,GAAGvB,WAAW;IACzBa,IAAIW,IAAI,GAAGvB,QAAQ;IACnBY,IAAIY,QAAQ,GAAGvB,UAAUM,cAAc;IACvCK,IAAIa,cAAc,GAAGvB,gBAAgB;IAErC,4CAA4C;IAC5CU,IAAIc,YAAY,GAAGlB;IACnBI,IAAIe,aAAa,GAAGlB;IACpBG,IAAIgB,gBAAgB,GAAGlB;IAEvBjC,QAAQ2B,GAAG,CAAC,CAAC,2BAA2B,EAAEC,WAAWwB,IAAI,CAAC,MAAM;IAEhE,6CAA6C;IAC7C,MAAMC,eAAe3E,MAAM,OAAOkD,YAAY;QAC5C0B,OAAO;QACPnB;QACAoB,KAAKrB,QAAQqB,GAAG;IAClB;IAEA,sBAAsB;IACtBF,aAAaG,EAAE,CAAC,QAAQ,CAACC,MAAMC;QAC7B,IAAID,SAAS,GAAG;YACdzD,QAAQ2B,GAAG,CAAC,CAAC,kBAAkB,EAAEf,UAAU,uBAAuB,CAAC;QACrE,OAAO;YACLZ,QAAQhB,KAAK,CAAC,CAAC,kBAAkB,EAAE4B,UAAU,kBAAkB,EAAE6C,KAAK,SAAS,EAAEC,QAAQ;QAC3F;QACAxB,QAAQyB,IAAI,CAACF,QAAQ;IACvB;IAEA,wBAAwB;IACxBJ,aAAaG,EAAE,CAAC,SAAS,CAACI;QACxB5D,QAAQhB,KAAK,CAAC,CAAC,kCAAkC,EAAE4B,UAAU,CAAC,CAAC,EAAEgD,IAAIC,OAAO;QAC5E3B,QAAQyB,IAAI,CAAC;IACf;IAEA,yBAAyB;IACzBzB,QAAQsB,EAAE,CAAC,UAAU;QACnBxD,QAAQ2B,GAAG,CAAC;QACZ0B,aAAaS,IAAI,CAAC;IACpB;IAEA5B,QAAQsB,EAAE,CAAC,WAAW;QACpBxD,QAAQ2B,GAAG,CAAC;QACZ0B,aAAaS,IAAI,CAAC;IACpB;AACF;AAEA;;CAEC,GACD,OAAO,SAASC,qBACdnD,SAAiB,EACjB/B,MAAe,EACfwC,SAAkB,EAClBC,OAAgB;IAEhB,IAAI0C,OAAO,CAAC,gBAAgB,EAAEpD,UAAU,MAAM,CAAC;IAE/C,IAAI/B,QAAQmF,QAAQ,CAAC,UAAU,EAAEnF,QAAQ;IACzC,IAAIwC,cAAckB,WAAWyB,QAAQ,CAAC,YAAY,EAAE3C,UAAU,CAAC,CAAC;IAChE,IAAIC,SAAS0C,QAAQ,CAAC,EAAE,EAAE1C,SAAS;IAEnC,OAAO0C;AACT;AAEA;;CAEC,GACD,OAAO,eAAeC,KAAKtD,OAAiBuB,QAAQgC,IAAI,CAACpD,KAAK,CAAC,EAAE;IAC/D,yBAAyB;IACzB,IAAIH,KAAKwD,QAAQ,CAAC,aAAaxD,KAAKwD,QAAQ,CAAC,OAAO;QAClDnE,QAAQ2B,GAAG,CAAC,CAAC;;;;;;;;;;;;;;;;;;;;;IAqBb,CAAC;QACD;IACF;IAEA,kBAAkB;IAClB,MAAMX,UAAUN,eAAeC;IAC/B,IAAI,CAACK,SAAS;QACZkB,QAAQyB,IAAI,CAAC;IACf;IAEA,kBAAkB;IAClB,MAAMjC,WAAWV;AACnB;AAEA,yBAAyB;AACzB,mEAAmE;AACnE,MAAMoD,eAAe,YAAYC,GAAG,CAACC,QAAQ,CAACpC,QAAQgC,IAAI,CAAC,EAAE,EAAEK,QAAQ,OAAO,QAAQ;AACtF,IAAIH,cAAc;IAChBH,OAAOO,KAAK,CAAC,CAACZ;QACZ5D,QAAQhB,KAAK,CAAC,4BAA4B4E;QAC1C1B,QAAQyB,IAAI,CAAC;IACf;AACF"}