npm - claude-flow-novice - Versions diffs - 2.3.5 → 2.3.6 - Mend

claude-flow-novice 2.3.5 → 2.3.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (347) hide show

package/dist/scripts/security-scan.js DELETED Viewed

@@ -1,492 +0,0 @@
-#!/usr/bin/env node
-/**
- * Security Scan Script
- * Scans codebase for security vulnerabilities and hardcoded secrets
- */
-import fs from 'fs';
-import path from 'path';
-import { fileURLToPath } from 'url';
-import { execSync } from 'child_process';
-const __filename = fileURLToPath(import.meta.url);
-const __dirname = path.dirname(__filename);
-const rootDir = path.join(__dirname, '..');
-class SecurityScanner {
-  constructor() {
-    this.issues = [];
-    this.warnings = [];
-    this.sensitivePatterns = [
-      // API Keys and Tokens
-      {
-        name: 'API Key',
-        pattern: /api[_-]?key\s*[:=]\s*['"]([a-zA-Z0-9]{20,})['"]/gi,
-        severity: 'high'
-      },
-      {
-        name: 'Secret Token',
-        pattern: /secret[_-]?token\s*[:=]\s*['"]([a-zA-Z0-9]{20,})['"]/gi,
-        severity: 'high'
-      },
-      {
-        name: 'Access Token',
-        pattern: /access[_-]?token\s*[:=]\s*['"]([a-zA-Z0-9]{20,})['"]/gi,
-        severity: 'high'
-      },
-      {
-        name: 'JWT Secret',
-        pattern: /jwt[_-]?secret\s*[:=]\s*['"]([a-zA-Z0-9+/]{32,})['"]/gi,
-        severity: 'high'
-      },
-      // Passwords
-      {
-        name: 'Password',
-        pattern: /password\s*[:=]\s*['"]([^'"]{8,})['"]/gi,
-        severity: 'critical'
-      },
-      {
-        name: 'Database Password',
-        pattern: /(db|database)[_-]?password\s*[:=]\s*['"]([^'"]+)['"]/gi,
-        severity: 'critical'
-      },
-      // Private Keys and Certificates
-      {
-        name: 'Private Key',
-        pattern: /-----BEGIN (RSA )?PRIVATE KEY-----/g,
-        severity: 'critical'
-      },
-      {
-        name: 'Certificate',
-        pattern: /-----BEGIN CERTIFICATE-----/g,
-        severity: 'medium'
-      },
-      // URLs and Endpoints
-      {
-        name: 'Internal URL',
-        pattern: /https?:\/\/(localhost|127\.0\.0\.1|0\.0\.0\.0|192\.168\.|10\.|172\.1[6-9]\.|172\.2[0-9]\.|172\.3[0-1]\.)/gi,
-        severity: 'medium'
-      },
-      // Database Connection Strings
-      {
-        name: 'Database URL',
-        pattern: /(mongodb|mysql|postgresql|redis):\/\/[^:]+:[^@]+@/gi,
-        severity: 'high'
-      },
-      // Cloud Provider Secrets
-      {
-        name: 'AWS Access Key',
-        pattern: /AKIA[0-9A-Z]{16}/g,
-        severity: 'critical'
-      },
-      {
-        name: 'AWS Secret Key',
-        pattern: /aws[_-]?secret[_-]?access[_-]?key\s*[:=]\s*['"]([a-zA-Z0-9+/]{40})['"]/gi,
-        severity: 'critical'
-      },
-      {
-        name: 'Google API Key',
-        pattern: /AIza[0-9A-Za-z_-]{35}/g,
-        severity: 'high'
-      }
-    ];
-    this.insecurePatterns = [
-      {
-        name: 'Eval Usage',
-        pattern: /eval\s*\(/g,
-        severity: 'high',
-        recommendation: 'Avoid using eval() as it can execute arbitrary code'
-      },
-      {
-        name: 'Function Constructor',
-        pattern: /Function\s*\(/g,
-        severity: 'high',
-        recommendation: 'Avoid using Function() constructor as it can execute arbitrary code'
-      },
-      {
-        name: 'innerHTML Usage',
-        pattern: /\.innerHTML\s*=/g,
-        severity: 'medium',
-        recommendation: 'Use textContent or DOM methods instead of innerHTML to prevent XSS'
-      },
-      {
-        name: 'document.write',
-        pattern: /document\.write\s*\(/g,
-        severity: 'medium',
-        recommendation: 'Avoid document.write() as it can introduce XSS vulnerabilities'
-      },
-      {
-        name: 'Unsafe Regex',
-        pattern: /new RegExp\s*\([^)]*\+/g,
-        severity: 'medium',
-        recommendation: 'Be careful with regex patterns that could lead to ReDoS attacks'
-      }
-    ];
-    this.excludedDirectories = [
-      'node_modules',
-      '.git',
-      'dist',
-      'build',
-      'coverage',
-      '.nyc_output',
-      '.claude-flow-novice/dist'
-    ];
-    this.excludedFiles = [
-      '*.min.js',
-      '*.bundle.js',
-      'package-lock.json',
-      'yarn.lock'
-    ];
-  }
-  async scan() {
-    console.log('🔒 Starting security scan...');
-    console.log('='.repeat(50));
-    await this.scanFiles();
-    await this.scanDependencies();
-    await this.scanPermissions();
-    this.generateReport();
-  }
-  async scanFiles() {
-    console.log('📁 Scanning source files...');
-    const files = this.getSourceFiles();
-    let scannedCount = 0;
-    for (const file of files) {
-      try {
-        const content = fs.readFileSync(file, 'utf8');
-        this.scanFileContent(file, content);
-        scannedCount++;
-      } catch (error) {
-        // Skip files that can't be read
-      }
-    }
-    console.log(`✅ Scanned ${scannedCount} files`);
-  }
-  scanFileContent(filePath, content) {
-    const lines = content.split('\n');
-    // Check for sensitive information
-    this.sensitivePatterns.forEach(pattern => {
-      let match;
-      while ((match = pattern.pattern.exec(content)) !== null) {
-        const lineNumber = content.substring(0, match.index).split('\n').length;
-        const lineContent = lines[lineNumber - 1] || '';
-        this.issues.push({
-          type: 'sensitive_data',
-          severity: pattern.severity,
-          rule: pattern.name,
-          file: filePath,
-          line: lineNumber,
-          content: lineContent.trim(),
-          match: match[0],
-          recommendation: 'Remove hardcoded secrets and use environment variables or secure configuration'
-        });
-      }
-    });
-    // Check for insecure patterns
-    this.insecurePatterns.forEach(pattern => {
-      let match;
-      while ((match = pattern.pattern.exec(content)) !== null) {
-        const lineNumber = content.substring(0, match.index).split('\n').length;
-        const lineContent = lines[lineNumber - 1] || '';
-        this.issues.push({
-          type: 'insecure_pattern',
-          severity: pattern.severity,
-          rule: pattern.name,
-          file: filePath,
-          line: lineNumber,
-          content: lineContent.trim(),
-          match: match[0],
-          recommendation: pattern.recommendation
-        });
-      }
-    });
-  }
-  async scanDependencies() {
-    console.log('📦 Scanning dependencies...');
-    try {
-      // Run npm audit
-      const auditOutput = execSync('npm audit --json', {
-        encoding: 'utf8',
-        cwd: rootDir,
-        stdio: 'pipe'
-      });
-      const auditResult = JSON.parse(auditOutput);
-      const vulnerabilities = auditResult.vulnerabilities || {};
-      Object.values(vulnerabilities).forEach(vuln => {
-        this.issues.push({
-          type: 'dependency_vulnerability',
-          severity: this.mapNpmSeverity(vuln.severity),
-          rule: 'Dependency Vulnerability',
-          file: 'package.json',
-          package: vuln.name,
-          version: vuln.version,
-          severity: vuln.severity,
-          title: vuln.title,
-          url: vuln.url,
-          recommendation: `Update ${vuln.name} to a fixed version`
-        });
-      });
-      console.log('✅ Dependency scan completed');
-    } catch (error) {
-      this.warnings.push(`Could not run npm audit: ${error.message}`);
-    }
-  }
-  async scanPermissions() {
-    console.log('🔐 Scanning file permissions...');
-    const files = this.getSourceFiles();
-    let permissionIssues = 0;
-    for (const file of files) {
-      try {
-        const stats = fs.statSync(file);
-        const mode = stats.mode;
-        // Check for overly permissive file permissions
-        if ((mode & 0o777) > 0o644) {
-          this.warnings.push({
-            type: 'file_permissions',
-            severity: 'low',
-            rule: 'File Permissions',
-            file: file,
-            mode: mode.toString(8),
-            recommendation: 'Consider restricting file permissions to 644 or less'
-          });
-          permissionIssues++;
-        }
-      } catch (error) {
-        // Skip files that can't be accessed
-      }
-    }
-    console.log(`✅ Permission scan completed (${permissionIssues} issues found)`);
-  }
-  getSourceFiles() {
-    const extensions = ['.js', '.ts', '.jsx', '.tsx', '.json', '.md', '.yml', '.yaml'];
-    const sourceFiles = [];
-    function scanDirectory(dir) {
-      try {
-        const files = fs.readdirSync(dir);
-        for (const file of files) {
-          const fullPath = path.join(dir, file);
-          const stat = fs.statSync(fullPath);
-          if (stat.isDirectory()) {
-            if (!this.excludedDirectories.includes(file) && !file.startsWith('.')) {
-              scanDirectory(fullPath);
-            }
-          } else if (stat.isFile()) {
-            const isExcluded = this.excludedFiles.some(pattern => {
-              const regex = new RegExp(pattern.replace('*', '.*'));
-              return regex.test(file);
-            });
-            if (!isExcluded && extensions.some(ext => file.endsWith(ext))) {
-              sourceFiles.push(fullPath);
-            }
-          }
-        }
-      } catch (error) {
-        // Skip directories that can't be accessed
-      }
-    }
-    scanDirectory.call(this, rootDir);
-    return sourceFiles;
-  }
-  mapNpmSeverity(npmSeverity) {
-    const mapping = {
-      'low': 'low',
-      'moderate': 'medium',
-      'high': 'high',
-      'critical': 'critical'
-    };
-    return mapping[npmSeverity] || 'medium';
-  }
-  generateReport() {
-    console.log('\n🔒 Security Scan Report');
-    console.log('='.repeat(50));
-    // Count issues by severity
-    const severityCount = {
-      critical: 0,
-      high: 0,
-      medium: 0,
-      low: 0
-    };
-    this.issues.forEach(issue => {
-      severityCount[issue.severity]++;
-    });
-    // Summary
-    console.log(`\n📊 Summary:`);
-    console.log(`  Critical: ${severityCount.critical}`);
-    console.log(`  High: ${severityCount.high}`);
-    console.log(`  Medium: ${severityCount.medium}`);
-    console.log(`  Low: ${severityCount.low}`);
-    console.log(`  Warnings: ${this.warnings.length}`);
-    const totalIssues = this.issues.length;
-    const criticalOrHigh = severityCount.critical + severityCount.high;
-    if (criticalOrHigh > 0) {
-      console.log(`\n🚫 ${criticalOrHigh} critical/high severity issues found!`);
-    } else if (totalIssues > 0) {
-      console.log(`\n⚠️  ${totalIssues} security issues found`);
-    } else {
-      console.log('\n✅ No security issues found!');
-    }
-    // Group issues by type
-    const issuesByType = {};
-    this.issues.forEach(issue => {
-      if (!issuesByType[issue.type]) {
-        issuesByType[issue.type] = [];
-      }
-      issuesByType[issue.type].push(issue);
-    });
-    // Detailed findings
-    if (totalIssues > 0) {
-      console.log('\n🔍 Detailed Findings:');
-      console.log('-'.repeat(50));
-      Object.entries(issuesByType).forEach(([type, issues]) => {
-        console.log(`\n${this.formatIssueType(type)} (${issues.length} issues):`);
-        // Show only first 5 issues of each type to avoid flooding output
-        issues.slice(0, 5).forEach(issue => {
-          const icon = this.getSeverityIcon(issue.severity);
-          console.log(`  ${icon} ${issue.rule}`);
-          console.log(`     File: ${issue.file}:${issue.line || 'N/A'}`);
-          console.log(`     Content: ${issue.content || issue.match || issue.package}`);
-          if (issue.recommendation) {
-            console.log(`     Recommendation: ${issue.recommendation}`);
-          }
-          console.log('');
-        });
-        if (issues.length > 5) {
-          console.log(`     ... and ${issues.length - 5} more ${type} issues`);
-        }
-      });
-    }
-    // Warnings
-    if (this.warnings.length > 0) {
-      console.log('\n⚠️  Warnings:');
-      this.warnings.forEach(warning => {
-        if (typeof warning === 'string') {
-          console.log(`   • ${warning}`);
-        } else {
-          console.log(`   • ${warning.rule}: ${warning.file}`);
-        }
-      });
-    }
-    // Recommendations
-    this.generateRecommendations(severityCount);
-    // Exit code
-    process.exit(criticalOrHigh > 0 ? 1 : 0);
-  }
-  formatIssueType(type) {
-    return type.split('_').map(word =>
-      word.charAt(0).toUpperCase() + word.slice(1)
-    ).join(' ');
-  }
-  getSeverityIcon(severity) {
-    const icons = {
-      critical: '🚨',
-      high: '🔴',
-      medium: '🟡',
-      low: '🟢'
-    };
-    return icons[severity] || '⚪';
-  }
-  generateRecommendations(severityCount) {
-    console.log('\n💡 Recommendations:');
-    console.log('-'.repeat(50));
-    if (severityCount.critical > 0) {
-      console.log('🚨 CRITICAL: Address immediately');
-      console.log('   • Remove all hardcoded secrets and keys');
-      console.log('   • Use environment variables or secret management');
-      console.log('   • Update vulnerable dependencies');
-    }
-    if (severityCount.high > 0) {
-      console.log('🔴 HIGH: Fix before next release');
-      console.log('   • Review and remove sensitive data');
-      console.log('   • Replace insecure coding patterns');
-      console.log('   • Audit dependency versions');
-    }
-    if (severityCount.medium > 0) {
-      console.log('🟡 MEDIUM: Address soon');
-      console.log('   • Improve secure coding practices');
-      console.log('   • Add input validation and sanitization');
-      console.log('   • Review file permissions');
-    }
-    if (severityCount.low > 0) {
-      console.log('🟢 LOW: Good to fix');
-      console.log('   • Follow security best practices');
-      console.log('   • Add security testing to CI pipeline');
-    }
-    if (this.issues.length === 0) {
-      console.log('✅ Great job! Continue following security best practices:');
-      console.log('   • Regularly update dependencies');
-      console.log('   • Use environment variables for secrets');
-      console.log('   • Implement security testing in CI/CD');
-      console.log('   • Regular security audits');
-    }
-  }
-}
-// CLI Interface
-async function main() {
-  const scanner = new SecurityScanner();
-  await scanner.scan();
-}
-main().catch(error => {
-  console.error('❌ Security scan failed:', error);
-  process.exit(1);
-});

package/dist/scripts/src/web/frontend/.claude-flow/metrics/agent-metrics.json DELETED Viewed

	@@ -1 +0,0 @@
1	- {}

package/dist/scripts/src/web/frontend/.claude-flow/metrics/performance.json DELETED Viewed

@@ -1,9 +0,0 @@
-{
-  "startTime": 1759323973407,
-  "totalTasks": 1,
-  "successfulTasks": 1,
-  "failedTasks": 0,
-  "totalAgents": 0,
-  "activeAgents": 0,
-  "neuralEvents": 0
-}

package/dist/scripts/src/web/frontend/.claude-flow/metrics/task-metrics.json DELETED Viewed

@@ -1,10 +0,0 @@
-[
-  {
-    "id": "cmd-hooks-1759323973459",
-    "type": "hooks",
-    "success": true,
-    "duration": 20.348606999999987,
-    "timestamp": 1759323973479,
-    "metadata": {}
-  }
-]

package/dist/scripts/switch-api.sh DELETED Viewed

@@ -1,159 +0,0 @@
-#!/bin/bash
-# Claude API Switcher - Switch between Claude Max and z.ai
-# Usage: scripts/switch-api.sh [zai|max|status|save|restore|list]
-SETTINGS_FILE="$HOME/.claude/settings.json"
-BACKUP_DIR="$HOME/.claude-api-configs"
-# Create backup directory if it doesn't exist
-mkdir -p "$BACKUP_DIR"
-# Function to display current API
-show_current() {
-    if grep -q "ANTHROPIC_BASE_URL" "$SETTINGS_FILE" 2>/dev/null; then
-        BASE_URL=$(grep "ANTHROPIC_BASE_URL" "$SETTINGS_FILE" | cut -d'"' -f4)
-        if [[ "$BASE_URL" == *"z.ai"* ]]; then
-            echo "✓ Current API: z.ai (GLM-4.6 models)"
-        else
-            echo "✓ Current API: $BASE_URL"
-        fi
-    else
-        echo "✓ Current API: Claude Max (api.anthropic.com)"
-    fi
-}
-# Function to save current config
-save_current() {
-    local name=$1
-    cp "$SETTINGS_FILE" "$BACKUP_DIR/settings-$name.json"
-    echo "✓ Saved current settings as '$name'"
-}
-# Function to switch to z.ai
-switch_to_zai() {
-    cat > "$SETTINGS_FILE" << 'SETTINGS'
-{
-  "$schema": "https://json.schemastore.org/claude-code-settings.json",
-  "model": "sonnet",
-  "feedbackSurveyState": {
-    "lastShownTime": 1754086518944
-  },
-  "terminal": {
-    "disableRawMode": true
-  },
-  "env": {
-    "ANTHROPIC_BASE_URL": "https://api.z.ai/api/anthropic",
-    "ANTHROPIC_AUTH_TOKEN": "cca13d09dcd6407183efe9e24c804cca.QO8R0JxF4fucsoWL",
-    "ANTHROPIC_DEFAULT_OPUS_MODEL": "GLM-4.6",
-    "ANTHROPIC_DEFAULT_SONNET_MODEL": "GLM-4.6",
-    "ANTHROPIC_DEFAULT_HAIKU_MODEL": "GLM-4.6"
-  },
-  "hybridRouting": {
-    "enabled": false,
-    "mode": "pure-provider"
-  }
-}
-SETTINGS
-    echo "✓ Switched to z.ai API"
-    echo "  Using GLM-4.6 for all models (Opus, Sonnet, Haiku)"
-    echo ""
-    echo "  Pure Provider Mode (All z.ai)"
-    echo "   • All sessions use z.ai ($0.10-2/1M)"
-    echo "   • CLI fallback: GLM-4.5 on rate limits/4xx errors"
-}
-# Function to switch to Claude Max
-switch_to_claude_max() {
-    cat > "$SETTINGS_FILE" << 'SETTINGS'
-{
-  "$schema": "https://json.schemastore.org/claude-code-settings.json",
-  "model": "sonnet",
-  "feedbackSurveyState": {
-    "lastShownTime": 1754086518944
-  },
-  "terminal": {
-    "disableRawMode": true
-  },
-  "hybridRouting": {
-    "enabled": true,
-    "mode": "cli-hybrid",
-    "coordinator": "claude-max",
-    "workers": "zai"
-  }
-}
-SETTINGS
-    echo "✓ Switched to Claude Max (Official Anthropic API)"
-    echo "  Run 'claude login' if authentication is needed"
-    echo ""
-    echo "🔀 Hybrid Routing ENABLED (CLI-based)"
-    echo "   • Main chat: Claude Max subscription ($0)"
-    echo "   • Coordinators: Claude Max via Task tool ($0)"
-    echo "   • Workers: Z.ai via CLI spawning ($0.10-2/1M)"
-    echo "   • Expected savings: 97% on worker costs"
-}
-# Main menu
-case "$1" in
-    status|current|"")
-        show_current
-        ;;
-    zai|z.ai)
-        echo "Switching to z.ai..."
-        switch_to_zai
-        show_current
-        ;;
-    max|claude|official|anthropic)
-        echo "Switching to Claude Max..."
-        switch_to_claude_max
-        show_current
-        ;;
-    save)
-        if [ -z "$2" ]; then
-            echo "Usage: $0 save <config-name>"
-            exit 1
-        fi
-        save_current "$2"
-        ;;
-    restore)
-        if [ -z "$2" ]; then
-            echo "Available configs:"
-            ls -1 "$BACKUP_DIR" 2>/dev/null | sed 's/settings-//g' | sed 's/.json//g' | sed 's/^/  • /'
-            exit 1
-        fi
-        if [ -f "$BACKUP_DIR/settings-$2.json" ]; then
-            cp "$BACKUP_DIR/settings-$2.json" "$SETTINGS_FILE"
-            echo "✓ Restored config '$2'"
-            show_current
-        else
-            echo "✗ Config '$2' not found"
-            exit 1
-        fi
-        ;;
-    list)
-        echo "Saved configurations:"
-        if ls "$BACKUP_DIR"/settings-*.json 1> /dev/null 2>&1; then
-            ls -1 "$BACKUP_DIR" 2>/dev/null | sed 's/settings-//g' | sed 's/.json//g' | sed 's/^/  • /'
-        else
-            echo "  (none)"
-        fi
-        ;;
-    help|--help|-h)
-        echo "Claude API Switcher"
-        echo ""
-        echo "Usage: $0 [command] [args]"
-        echo ""
-        echo "Commands:"
-        echo "  status             Show current API configuration"
-        echo "  zai                Switch to z.ai API (GLM models)"
-        echo "  max                Switch to Claude Max (Official API)"
-        echo "  save <name>        Save current config with a name"
-        echo "  restore <name>     Restore a saved config"
-        echo "  list               List all saved configurations"
-        echo ""
-        ;;
-    *)
-        echo "Unknown command: $1"
-        echo "Run '$0 help' for usage"
-        exit 1
-        ;;
-esac