claude-flow-novice 2.15.4 → 2.15.5

package/.claude/commands/cfn-loop-cli.md

@@ -21,26 +21,35 @@ MODE: Parse from --mode flag or default to "standard"
 MAX_ITERATIONS: Parse from --max-iterations flag or default to 10
 ```
 
-**Step 2: Generate Task ID**
+**Step 2: Set Redis Environment Variables (REQUIRED for non-Docker environments)**
+```bash
+# Set Redis connection parameters for CLI mode
+export CFN_REDIS_HOST=localhost
+export CFN_REDIS_PORT=6379
+
+echo "✅ Redis environment: $CFN_REDIS_HOST:$CFN_REDIS_PORT"
+```
+
+**Step 3: Generate Task ID**
 ```bash
 TASK_ID="cfn-cli-$(date +%s%N | tail -c 7)-${RANDOM}"
 ```
 
-**Step 2.5: Verify Redis Availability (REQUIRED for CLI mode coordination)**
+**Step 4: Verify Redis Availability (REQUIRED for CLI mode coordination)**
 ```bash
 # Verify Redis availability (REQUIRED for CLI mode coordination)
-if ! redis-cli PING >/dev/null 2>&1; then
-  echo "❌ ERROR: Redis not available"
+if ! redis-cli -h "$CFN_REDIS_HOST" -p "$CFN_REDIS_PORT" PING >/dev/null 2>&1; then
+  echo "❌ ERROR: Redis not available at $CFN_REDIS_HOST:$CFN_REDIS_PORT"
   echo "   CLI mode requires Redis for coordination"
   echo "   Start Redis: redis-server"
   echo "   Or use Task mode: /cfn-loop-task"
   exit 1
 fi
 
-echo "✅ Redis available"
+echo "✅ Redis available at $CFN_REDIS_HOST:$CFN_REDIS_PORT"
 ```
 
-**Step 3: Spawn Coordinator (REQUIRED - Execute this command now via Bash tool)**
+**Step 5: Spawn Coordinator (REQUIRED - Execute this command now via Bash tool)**
 ```bash
 npx claude-flow-novice agent cfn-v3-coordinator \
   --task-id "$TASK_ID" \
@@ -49,10 +58,10 @@ npx claude-flow-novice agent cfn-v3-coordinator \
   --background=true
 ```
 
-**Step 4: Inform User**
+**Step 6: Inform User**
 After spawning coordinator, tell user:
 - ✅ CFN Loop coordinator spawned with task ID: $TASK_ID
-- 📊 Monitor progress: `redis-cli HGETALL "cfn_loop:task:$TASK_ID:context"`
+- 📊 Monitor progress: `redis-cli -h $CFN_REDIS_HOST -p $CFN_REDIS_PORT HGETALL "cfn_loop:task:$TASK_ID:context"`
 - 🌐 Web dashboard: http://localhost:3000
 
 ---

package/.claude/skills/cfn-loop-orchestration/orchestrate.sh

@@ -61,6 +61,21 @@ mkdir -p "$CFN_TELEMETRY_DIR"
 # shellcheck source=./security_utils.sh
 source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/security_utils.sh"
 
+##############################################################################
+# Input Sanitization (Security)
+##############################################################################
+sanitize_input() {
+  local input="$1"
+  local max_length="${2:-256}"  # Default max length 256 chars
+
+  # Truncate to max length
+  input="${input:0:$max_length}"
+
+  # Remove dangerous characters (only allow alphanumeric, dash, underscore, dot, comma, colon, space, forward slash)
+  # This covers task IDs, agent types, file paths, and JSON-like structures
+  echo "$input" | sed 's/[^a-zA-Z0-9._:, /-]//g'
+}
+
 HELPERS_DIR="$SCRIPT_DIR/helpers"
 REDIS_COORD_SKILL="$PROJECT_ROOT/.claude/skills/cfn-redis-coordination"
 
@@ -142,6 +157,10 @@ while [[ $# -gt 0 ]]; do
         echo "Error: --loop3-agents requires a value"
         exit 1
       fi
+      if [[ -z "$2" ]]; then
+        echo "Error: --loop3-agents value cannot be empty"
+        exit 1
+      fi
       validate_agent_list "$2" || { echo "Invalid Loop 3 agent list"; exit 1; }
       LOOP3_AGENTS="$2"
       shift 2
@@ -151,6 +170,10 @@ while [[ $# -gt 0 ]]; do
         echo "Error: --loop2-agents requires a value"
         exit 1
       fi
+      if [[ -z "$2" ]]; then
+        echo "Error: --loop2-agents value cannot be empty"
+        exit 1
+      fi
       validate_agent_list "$2" || { echo "Invalid Loop 2 agent list"; exit 1; }
       LOOP2_AGENTS="$2"
       shift 2
@@ -160,6 +183,10 @@ while [[ $# -gt 0 ]]; do
         echo "Error: --product-owner requires a value"
         exit 1
       fi
+      if [[ -z "$2" ]]; then
+        echo "Error: --product-owner value cannot be empty"
+        exit 1
+      fi
       PRODUCT_OWNER=$(sanitize_input "$2") || { echo "Invalid product owner"; exit 1; }
       shift 2
       ;;
@@ -553,22 +580,43 @@ function spawn_loop3_agents() {
     safe_agent_id=$(sanitize_input "$UNIQUE_AGENT_ID") || continue
 
     # Dual-mode agent spawning: Docker or CLI
-    # Docker mode: CFN_DOCKER_MODE=true or Docker socket available
-    # CLI mode: Default (uses npx)
-    if [[ "${CFN_DOCKER_MODE:-false}" == "true" ]] || [[ -S /var/run/docker.sock ]]; then
+    # Mode Selection Priority:
+    # 1. Explicit CFN_DOCKER_MODE='true'/'false' (highest priority - user override)
+    # 2. Automatic Docker socket detection (if CFN_DOCKER_MODE unset)
+    # 3. Default CLI mode (fallback if no Docker socket)
+    #
+    # BUG FIX: Respect CFN_DOCKER_MODE='false' even when Docker socket exists
+    SPAWN_MODE="cli"  # Default
+    SPAWN_REASON=""
+
+    if [[ "${CFN_DOCKER_MODE:-}" == "true" ]]; then
+        SPAWN_MODE="docker"
+        SPAWN_REASON="explicit CFN_DOCKER_MODE=true"
+    elif [[ "${CFN_DOCKER_MODE:-}" == "false" ]]; then
+        SPAWN_MODE="cli"
+        SPAWN_REASON="explicit CFN_DOCKER_MODE=false (overrides Docker socket detection)"
+    elif [[ -S /var/run/docker.sock ]]; then
+        SPAWN_MODE="docker"
+        SPAWN_REASON="automatic Docker socket detection"
+    else
+        SPAWN_MODE="cli"
+        SPAWN_REASON="default (no Docker socket)"
+    fi
+
+    if [[ "$SPAWN_MODE" == "docker" ]]; then
         # Docker-based spawning (prevents WebAssembly OOM)
-        echo "  → Docker mode: spawning via container" >&2
+        echo "  → Docker mode: ${SPAWN_REASON}" >&2
 
         # SECURITY FIX: Sanitize Docker environment variables to prevent command injection
-        CFN_DOCKER_IMAGE_SAFE=$(sanitize_docker_var "${CFN_DOCKER_IMAGE:-claude-flow-novice:agent}") || {
+        CFN_DOCKER_IMAGE_SAFE=$(sanitize_input "${CFN_DOCKER_IMAGE:-claude-flow-novice:agent}") || {
           echo "❌ Invalid CFN_DOCKER_IMAGE" >&2
           exit 1
         }
-        CFN_DOCKER_NETWORK_SAFE=$(sanitize_docker_var "${CFN_DOCKER_NETWORK:-mcp-network}") || {
+        CFN_DOCKER_NETWORK_SAFE=$(sanitize_input "${CFN_DOCKER_NETWORK:-mcp-network}") || {
           echo "❌ Invalid CFN_DOCKER_NETWORK" >&2
           exit 1
         }
-        CFN_MEMORY_LIMIT_SAFE=$(sanitize_docker_var "${CFN_MEMORY_LIMIT:-2g}") || {
+        CFN_MEMORY_LIMIT_SAFE=$(sanitize_input "${CFN_MEMORY_LIMIT:-2g}") || {
           echo "❌ Invalid CFN_MEMORY_LIMIT" >&2
           exit 1
         }
@@ -619,7 +667,7 @@ function spawn_loop3_agents() {
         AGENT_PID=$!
     else
         # CLI-based spawning (traditional approach)
-        echo "  → CLI mode: spawning via npx" >&2
+        echo "  → CLI mode: ${SPAWN_REASON}" >&2
 
         if command -v execute_instrumented >/dev/null 2>&1; then
             execute_instrumented "npx" "$CFN_VALIDATION_TIMEOUT" "$CFN_MEMORY_LIMIT" \

package/.claude/skills/cfn-redis-coordination/invoke-waiting-mode.sh

@@ -20,8 +20,9 @@ AGENT_ID=${3:-""}
 TIMEOUT=${4:-120}
 
 # Redis configuration
-REDIS_HOST=${REDIS_HOST:-"localhost"}
-REDIS_PORT=${REDIS_PORT:-6379}
+# Support both REDIS_HOST and CFN_REDIS_HOST (TypeScript uses CFN_REDIS_HOST)
+REDIS_HOST=${CFN_REDIS_HOST:-${REDIS_HOST:-"localhost"}}
+REDIS_PORT=${CFN_REDIS_PORT:-${REDIS_PORT:-6379}}
 REDIS_DB=${REDIS_DB:-0}
 
 # Debug output

package/.claude/skills/cfn-redis-coordination/redis-functions.sh

@@ -21,8 +21,9 @@ redis-cli() {
 export -f redis-cli
 
 # Optional: Set Redis connection defaults
-export REDIS_HOST="${REDIS_HOST:-localhost}"
-export REDIS_PORT="${REDIS_PORT:-6379}"
+# Support both REDIS_HOST and CFN_REDIS_HOST (TypeScript uses CFN_REDIS_HOST)
+export REDIS_HOST="${CFN_REDIS_HOST:-${REDIS_HOST:-localhost}}"
+export REDIS_PORT="${CFN_REDIS_PORT:-${REDIS_PORT:-6379}}"
 
 # Helper: Check if Redis is available (useful for conditional logic)
 is_redis_available() {

package/claude-assets/commands/cfn-loop-cli.md

@@ -21,26 +21,35 @@ MODE: Parse from --mode flag or default to "standard"
 MAX_ITERATIONS: Parse from --max-iterations flag or default to 10
 ```
 
-**Step 2: Generate Task ID**
+**Step 2: Set Redis Environment Variables (REQUIRED for non-Docker environments)**
+```bash
+# Set Redis connection parameters for CLI mode
+export CFN_REDIS_HOST=localhost
+export CFN_REDIS_PORT=6379
+
+echo "✅ Redis environment: $CFN_REDIS_HOST:$CFN_REDIS_PORT"
+```
+
+**Step 3: Generate Task ID**
 ```bash
 TASK_ID="cfn-cli-$(date +%s%N | tail -c 7)-${RANDOM}"
 ```
 
-**Step 2.5: Verify Redis Availability (REQUIRED for CLI mode coordination)**
+**Step 4: Verify Redis Availability (REQUIRED for CLI mode coordination)**
 ```bash
 # Verify Redis availability (REQUIRED for CLI mode coordination)
-if ! redis-cli PING >/dev/null 2>&1; then
-  echo "❌ ERROR: Redis not available"
+if ! redis-cli -h "$CFN_REDIS_HOST" -p "$CFN_REDIS_PORT" PING >/dev/null 2>&1; then
+  echo "❌ ERROR: Redis not available at $CFN_REDIS_HOST:$CFN_REDIS_PORT"
   echo "   CLI mode requires Redis for coordination"
   echo "   Start Redis: redis-server"
   echo "   Or use Task mode: /cfn-loop-task"
   exit 1
 fi
 
-echo "✅ Redis available"
+echo "✅ Redis available at $CFN_REDIS_HOST:$CFN_REDIS_PORT"
 ```
 
-**Step 3: Spawn Coordinator (REQUIRED - Execute this command now via Bash tool)**
+**Step 5: Spawn Coordinator (REQUIRED - Execute this command now via Bash tool)**
 ```bash
 npx claude-flow-novice agent cfn-v3-coordinator \
   --task-id "$TASK_ID" \
@@ -49,10 +58,10 @@ npx claude-flow-novice agent cfn-v3-coordinator \
   --background=true
 ```
 
-**Step 4: Inform User**
+**Step 6: Inform User**
 After spawning coordinator, tell user:
 - ✅ CFN Loop coordinator spawned with task ID: $TASK_ID
-- 📊 Monitor progress: `redis-cli HGETALL "cfn_loop:task:$TASK_ID:context"`
+- 📊 Monitor progress: `redis-cli -h $CFN_REDIS_HOST -p $CFN_REDIS_PORT HGETALL "cfn_loop:task:$TASK_ID:context"`
 - 🌐 Web dashboard: http://localhost:3000
 
 ---

package/claude-assets/skills/cfn-loop-orchestration/orchestrate.sh

@@ -61,6 +61,21 @@ mkdir -p "$CFN_TELEMETRY_DIR"
 # shellcheck source=./security_utils.sh
 source "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/security_utils.sh"
 
+##############################################################################
+# Input Sanitization (Security)
+##############################################################################
+sanitize_input() {
+  local input="$1"
+  local max_length="${2:-256}"  # Default max length 256 chars
+
+  # Truncate to max length
+  input="${input:0:$max_length}"
+
+  # Remove dangerous characters (only allow alphanumeric, dash, underscore, dot, comma, colon, space, forward slash)
+  # This covers task IDs, agent types, file paths, and JSON-like structures
+  echo "$input" | sed 's/[^a-zA-Z0-9._:, /-]//g'
+}
+
 HELPERS_DIR="$SCRIPT_DIR/helpers"
 REDIS_COORD_SKILL="$PROJECT_ROOT/.claude/skills/cfn-redis-coordination"
 
@@ -142,6 +157,10 @@ while [[ $# -gt 0 ]]; do
         echo "Error: --loop3-agents requires a value"
         exit 1
       fi
+      if [[ -z "$2" ]]; then
+        echo "Error: --loop3-agents value cannot be empty"
+        exit 1
+      fi
       validate_agent_list "$2" || { echo "Invalid Loop 3 agent list"; exit 1; }
       LOOP3_AGENTS="$2"
       shift 2
@@ -151,6 +170,10 @@ while [[ $# -gt 0 ]]; do
         echo "Error: --loop2-agents requires a value"
         exit 1
       fi
+      if [[ -z "$2" ]]; then
+        echo "Error: --loop2-agents value cannot be empty"
+        exit 1
+      fi
       validate_agent_list "$2" || { echo "Invalid Loop 2 agent list"; exit 1; }
       LOOP2_AGENTS="$2"
       shift 2
@@ -160,6 +183,10 @@ while [[ $# -gt 0 ]]; do
         echo "Error: --product-owner requires a value"
         exit 1
       fi
+      if [[ -z "$2" ]]; then
+        echo "Error: --product-owner value cannot be empty"
+        exit 1
+      fi
       PRODUCT_OWNER=$(sanitize_input "$2") || { echo "Invalid product owner"; exit 1; }
       shift 2
       ;;
@@ -553,22 +580,43 @@ function spawn_loop3_agents() {
     safe_agent_id=$(sanitize_input "$UNIQUE_AGENT_ID") || continue
 
     # Dual-mode agent spawning: Docker or CLI
-    # Docker mode: CFN_DOCKER_MODE=true or Docker socket available
-    # CLI mode: Default (uses npx)
-    if [[ "${CFN_DOCKER_MODE:-false}" == "true" ]] || [[ -S /var/run/docker.sock ]]; then
+    # Mode Selection Priority:
+    # 1. Explicit CFN_DOCKER_MODE='true'/'false' (highest priority - user override)
+    # 2. Automatic Docker socket detection (if CFN_DOCKER_MODE unset)
+    # 3. Default CLI mode (fallback if no Docker socket)
+    #
+    # BUG FIX: Respect CFN_DOCKER_MODE='false' even when Docker socket exists
+    SPAWN_MODE="cli"  # Default
+    SPAWN_REASON=""
+
+    if [[ "${CFN_DOCKER_MODE:-}" == "true" ]]; then
+        SPAWN_MODE="docker"
+        SPAWN_REASON="explicit CFN_DOCKER_MODE=true"
+    elif [[ "${CFN_DOCKER_MODE:-}" == "false" ]]; then
+        SPAWN_MODE="cli"
+        SPAWN_REASON="explicit CFN_DOCKER_MODE=false (overrides Docker socket detection)"
+    elif [[ -S /var/run/docker.sock ]]; then
+        SPAWN_MODE="docker"
+        SPAWN_REASON="automatic Docker socket detection"
+    else
+        SPAWN_MODE="cli"
+        SPAWN_REASON="default (no Docker socket)"
+    fi
+
+    if [[ "$SPAWN_MODE" == "docker" ]]; then
         # Docker-based spawning (prevents WebAssembly OOM)
-        echo "  → Docker mode: spawning via container" >&2
+        echo "  → Docker mode: ${SPAWN_REASON}" >&2
 
         # SECURITY FIX: Sanitize Docker environment variables to prevent command injection
-        CFN_DOCKER_IMAGE_SAFE=$(sanitize_docker_var "${CFN_DOCKER_IMAGE:-claude-flow-novice:agent}") || {
+        CFN_DOCKER_IMAGE_SAFE=$(sanitize_input "${CFN_DOCKER_IMAGE:-claude-flow-novice:agent}") || {
           echo "❌ Invalid CFN_DOCKER_IMAGE" >&2
           exit 1
         }
-        CFN_DOCKER_NETWORK_SAFE=$(sanitize_docker_var "${CFN_DOCKER_NETWORK:-mcp-network}") || {
+        CFN_DOCKER_NETWORK_SAFE=$(sanitize_input "${CFN_DOCKER_NETWORK:-mcp-network}") || {
           echo "❌ Invalid CFN_DOCKER_NETWORK" >&2
           exit 1
         }
-        CFN_MEMORY_LIMIT_SAFE=$(sanitize_docker_var "${CFN_MEMORY_LIMIT:-2g}") || {
+        CFN_MEMORY_LIMIT_SAFE=$(sanitize_input "${CFN_MEMORY_LIMIT:-2g}") || {
           echo "❌ Invalid CFN_MEMORY_LIMIT" >&2
           exit 1
         }
@@ -619,7 +667,7 @@ function spawn_loop3_agents() {
         AGENT_PID=$!
     else
         # CLI-based spawning (traditional approach)
-        echo "  → CLI mode: spawning via npx" >&2
+        echo "  → CLI mode: ${SPAWN_REASON}" >&2
 
         if command -v execute_instrumented >/dev/null 2>&1; then
             execute_instrumented "npx" "$CFN_VALIDATION_TIMEOUT" "$CFN_MEMORY_LIMIT" \

package/claude-assets/skills/cfn-redis-coordination/invoke-waiting-mode.sh

@@ -20,8 +20,9 @@ AGENT_ID=${3:-""}
 TIMEOUT=${4:-120}
 
 # Redis configuration
-REDIS_HOST=${REDIS_HOST:-"localhost"}
-REDIS_PORT=${REDIS_PORT:-6379}
+# Support both REDIS_HOST and CFN_REDIS_HOST (TypeScript uses CFN_REDIS_HOST)
+REDIS_HOST=${CFN_REDIS_HOST:-${REDIS_HOST:-"localhost"}}
+REDIS_PORT=${CFN_REDIS_PORT:-${REDIS_PORT:-6379}}
 REDIS_DB=${REDIS_DB:-0}
 
 # Debug output

package/claude-assets/skills/cfn-redis-coordination/redis-functions.sh

@@ -21,8 +21,9 @@ redis-cli() {
 export -f redis-cli
 
 # Optional: Set Redis connection defaults
-export REDIS_HOST="${REDIS_HOST:-localhost}"
-export REDIS_PORT="${REDIS_PORT:-6379}"
+# Support both REDIS_HOST and CFN_REDIS_HOST (TypeScript uses CFN_REDIS_HOST)
+export REDIS_HOST="${CFN_REDIS_HOST:-${REDIS_HOST:-localhost}}"
+export REDIS_PORT="${CFN_REDIS_PORT:-${REDIS_PORT:-6379}}"
 
 # Helper: Check if Redis is available (useful for conditional logic)
 is_redis_available() {