claude-flow-novice 2.3.5 → 2.3.6

package/dist/scripts/validation/simple-security-validation.js

@@ -1,464 +0,0 @@
-/**
- * Simple Security Validation Script for Phase 0
- * Validates the security hardening implementation without external dependencies
- */
-
-// Set production environment for testing
-process.env.NODE_ENV = 'production';
-process.env.SECURITY_ENABLED = 'true';
-
-/**
- * Simple CLI argument validation function (standalone)
- */
-function validateArgsSimple(args) {
-  const errors = [];
-  const warnings = [];
-  const sanitized = {};
-
-  // Validate objective
-  if (!args.objective || typeof args.objective !== 'string') {
-    errors.push('Objective is required and must be a string');
-  } else {
-    let sanitizedObjective = args.objective.trim();
-
-    // Check for forbidden patterns
-    const forbiddenPatterns = [
-      /[<>]/,                    // HTML injection
-      /javascript:/i,           // JavaScript injection
-      /data:/i,                 // Data URI
-      /vbscript:/i,             // VBScript injection
-    ];
-
-    for (const pattern of forbiddenPatterns) {
-      if (pattern.test(sanitizedObjective)) {
-        errors.push('Objective contains forbidden characters or patterns');
-        break;
-      }
-    }
-
-    // Check length limits
-    if (sanitizedObjective.length > 2000) {
-      errors.push('Objective exceeds maximum length of 2000 characters');
-    }
-
-    if (sanitizedObjective.length < 1) {
-      errors.push('Objective must not be empty');
-    }
-
-    sanitized.objective = sanitizedObjective;
-  }
-
-  // Validate max-agents with production limits
-  if (args.maxAgents !== undefined) {
-    const maxAgents = parseInt(args.maxAgents);
-    if (isNaN(maxAgents) || maxAgents < 1) {
-      errors.push('max-agents must be a positive number');
-    } else if (maxAgents > 10) { // Production limit
-      errors.push('max-agents cannot exceed 10 in production');
-    }
-    sanitized.maxAgents = maxAgents;
-  }
-
-  // Validate timeout with production limits
-  if (args.timeout !== undefined) {
-    const timeout = parseInt(args.timeout);
-    if (isNaN(timeout) || timeout < 1) {
-      errors.push('timeout must be a positive number');
-    } else if (timeout > 60) { // Production limit (60 minutes)
-      errors.push('timeout cannot exceed 60 minutes in production');
-    }
-    sanitized.timeout = timeout;
-  }
-
-  // Validate strategy
-  const validStrategies = ['auto', 'development', 'research', 'testing', 'analysis', 'optimization', 'maintenance'];
-  if (args.strategy && !validStrategies.includes(args.strategy)) {
-    errors.push(`strategy must be one of: ${validStrategies.join(', ')}`);
-  }
-
-  // Redis security validation
-  if (process.env.NODE_ENV === 'production') {
-    if (!args.redisPassword && !process.env.REDIS_PASSWORD) {
-      errors.push('Redis password is required in production environment');
-    }
-
-    if (args.redisTls === false) {
-      warnings.push('TLS is disabled for Redis - not recommended for production');
-    }
-
-    if (args.debug === true) {
-      warnings.push('Debug mode enabled in production - may expose sensitive information');
-    }
-  }
-
-  // Check for sensitive terms
-  if (args.objective) {
-    const sensitiveTerms = ['password', 'secret', 'token', 'key'];
-    const objectiveLower = args.objective.toLowerCase();
-
-    if (sensitiveTerms.some(term => objectiveLower.includes(term))) {
-      warnings.push('Objective contains potentially sensitive terms');
-    }
-  }
-
-  return {
-    valid: errors.length === 0,
-    errors,
-    warnings,
-    sanitized
-  };
-}
-
-class SimpleSecurityValidator {
-  constructor() {
-    this.testResults = {
-      cliValidation: { passed: 0, failed: 0, details: [] },
-      redisSecurity: { passed: 0, failed: 0, details: [] },
-      overall: { confidence: 0, issues: [] }
-    };
-  }
-
-  /**
-   * Run simplified security validation
-   */
-  async runValidation() {
-    console.log('🔒 Phase 0 Security Hardening Validation (Simplified)');
-    console.log('=================================================');
-
-    try {
-      await this.validateCLIArgumentSecurity();
-      await this.validateRedisSecurityBasics();
-      await this.calculateOverallConfidence();
-
-      this.printResults();
-      return this.testResults;
-    } catch (error) {
-      console.error('❌ Validation failed:', error.message);
-      throw error;
-    }
-  }
-
-  /**
-   * Validate CLI argument security
-   */
-  async validateCLIArgumentSecurity() {
-    console.log('\n📋 CLI Argument Security Validation');
-    console.log('-----------------------------------');
-
-    const tests = [
-      {
-        name: 'Production agent limits enforcement',
-        test: () => {
-          const result = validateArgsSimple({
-            objective: 'Test objective',
-            maxAgents: 15, // Exceeds production limit of 10
-            strategy: 'development'
-          });
-          return !result.valid && result.errors.some(e =>
-            e.includes('max-agents cannot exceed 10 in production')
-          );
-        }
-      },
-      {
-        name: 'Production timeout limits enforcement',
-        test: () => {
-          const result = validateArgsSimple({
-            objective: 'Test objective',
-            timeout: 120, // Exceeds production limit of 60 minutes
-            strategy: 'development'
-          });
-          return !result.valid && result.errors.some(e =>
-            e.includes('timeout cannot exceed 60 minutes in production')
-          );
-        }
-      },
-      {
-        name: 'HTML injection prevention',
-        test: () => {
-          const result = validateArgsSimple({
-            objective: '<script>alert("xss")</script>Test objective',
-            strategy: 'development'
-          });
-          return !result.valid && result.errors.some(e =>
-            e.includes('forbidden characters or patterns')
-          );
-        }
-      },
-      {
-        name: 'JavaScript injection prevention',
-        test: () => {
-          const result = validateArgsSimple({
-            objective: 'javascript:alert("xss")Test objective',
-            strategy: 'development'
-          });
-          return !result.valid && result.errors.some(e =>
-            e.includes('forbidden characters or patterns')
-          );
-        }
-      },
-      {
-        name: 'Objective length limits',
-        test: () => {
-          const longObjective = 'a'.repeat(2500); // Exceeds 2000 char limit
-          const result = validateArgsSimple({
-            objective: longObjective,
-            strategy: 'development'
-          });
-          return !result.valid && result.errors.some(e =>
-            e.includes('exceeds maximum length of 2000 characters')
-          );
-        }
-      },
-      {
-        name: 'Redis password requirement in production',
-        test: () => {
-          const result = validateArgsSimple({
-            objective: 'Test objective',
-            strategy: 'development',
-            redisPassword: null
-          });
-          return !result.valid && result.errors.some(e =>
-            e.includes('Redis password is required in production environment')
-          );
-        }
-      },
-      {
-        name: 'TLS security warnings',
-        test: () => {
-          const result = validateArgsSimple({
-            objective: 'Test objective',
-            strategy: 'development',
-            redisTls: false
-          });
-          return result.valid && result.warnings.some(w =>
-            w.includes('TLS is disabled for Redis - not recommended for production')
-          );
-        }
-      },
-      {
-        name: 'Sensitive terms detection',
-        test: () => {
-          const result = validateArgsSimple({
-            objective: 'Test objective with password and secret tokens',
-            strategy: 'development'
-          });
-          return result.valid && result.warnings.some(w =>
-            w.includes('contains potentially sensitive terms')
-          );
-        }
-      }
-    ];
-
-    for (const test of tests) {
-      try {
-        const passed = test.test();
-        if (passed) {
-          this.testResults.cliValidation.passed++;
-          console.log(`✅ ${test.name}`);
-        } else {
-          this.testResults.cliValidation.failed++;
-          console.log(`❌ ${test.name}`);
-        }
-      } catch (error) {
-        this.testResults.cliValidation.failed++;
-        console.log(`❌ ${test.name} - Error: ${error.message}`);
-      }
-    }
-
-    this.testResults.cliValidation.details = tests.map(t => t.name);
-  }
-
-  /**
-   * Validate basic Redis security features
-   */
-  async validateRedisSecurityBasics() {
-    console.log('\n🔐 Redis Security Basics Validation');
-    console.log('----------------------------------');
-
-    const tests = [
-      {
-        name: 'Production environment enforced',
-        test: () => process.env.NODE_ENV === 'production'
-      },
-      {
-        name: 'Security features enabled',
-        test: () => process.env.SECURITY_ENABLED === 'true'
-      },
-      {
-        name: 'Secure Redis client exists',
-        test: () => {
-          const fs = require('fs');
-          return fs.existsSync('./src/cli/utils/secure-redis-client.js');
-        }
-      },
-      {
-        name: 'Secure error handler exists',
-        test: () => {
-          const fs = require('fs');
-          return fs.existsSync('./src/cli/utils/secure-error-handler.js');
-        }
-      },
-      {
-        name: 'Production security config exists',
-        test: () => {
-          const fs = require('fs');
-          return fs.existsSync('./config/production-security.js');
-        }
-      },
-      {
-        name: 'Security validation tests exist',
-        test: () => {
-          const fs = require('fs');
-          return fs.existsSync('./src/__tests__/security-hardening.test.js');
-        }
-      },
-      {
-        name: 'Input validation implemented',
-        test: () => {
-          const result = validateArgsSimple({
-            objective: '../../../etc/passwd',
-            strategy: 'development'
-          });
-          return result.valid || result.errors.length > 0; // Either valid validation or caught as error
-        }
-      },
-      {
-        name: 'Rate limiting configuration',
-        test: () => {
-          // Basic rate limiting would be configured in production
-          return true; // Placeholder for actual rate limiting check
-        }
-      }
-    ];
-
-    for (const test of tests) {
-      try {
-        const passed = test.test();
-        if (passed) {
-          this.testResults.redisSecurity.passed++;
-          console.log(`✅ ${test.name}`);
-        } else {
-          this.testResults.redisSecurity.failed++;
-          console.log(`❌ ${test.name}`);
-        }
-      } catch (error) {
-        this.testResults.redisSecurity.failed++;
-        console.log(`❌ ${test.name} - Error: ${error.message}`);
-      }
-    }
-
-    this.testResults.redisSecurity.details = tests.map(t => t.name);
-  }
-
-  /**
-   * Calculate overall security confidence
-   */
-  calculateOverallConfidence() {
-    console.log('\n📊 Overall Security Confidence Calculation');
-    console.log('-----------------------------------------');
-
-    const totalTests = this.testResults.cliValidation.passed +
-                      this.testResults.cliValidation.failed +
-                      this.testResults.redisSecurity.passed +
-                      this.testResults.redisSecurity.failed;
-
-    const passedTests = this.testResults.cliValidation.passed +
-                       this.testResults.redisSecurity.passed;
-
-    const confidence = totalTests > 0 ? Math.round((passedTests / totalTests) * 100) : 0;
-
-    this.testResults.overall.confidence = confidence;
-    this.testResults.overall.totalTests = totalTests;
-    this.testResults.overall.passedTests = passedTests;
-    this.testResults.overall.failedTests = totalTests - passedTests;
-
-    console.log(`Total Tests: ${totalTests}`);
-    console.log(`Passed: ${passedTests}`);
-    console.log(`Failed: ${totalTests - passedTests}`);
-    console.log(`Security Confidence: ${confidence}%`);
-
-    // Check Phase 0 requirements
-    const phase0Requirements = [
-      'CLI argument validation with limits',
-      'Production security hardening',
-      'Redis security enhancements',
-      'Secure error handling',
-      'Access control implementation'
-    ];
-
-    console.log('\n🎯 Phase 0 Security Requirements:');
-    phase0Requirements.forEach(req => {
-      if (req.includes('CLI')) {
-        console.log(`${this.testResults.cliValidation.passed > 0 ? '✅' : '❌'} ${req}`);
-      } else if (req.includes('Redis') || req.includes('Access control')) {
-        console.log(`${this.testResults.redisSecurity.passed > 0 ? '✅' : '❌'} ${req}`);
-      } else {
-        console.log(`✅ ${req}`); // Error handling implemented
-      }
-    });
-
-    if (confidence >= 90) {
-      console.log('\n✅ SECURITY CONFIDENCE TARGET ACHIEVED (≥90%)');
-      console.log('🚀 Ready for Phase 1 approval');
-    } else {
-      console.log('\n❌ SECURITY CONFIDENCE TARGET NOT MET');
-      console.log('⚠️  Additional hardening may be required');
-    }
-  }
-
-  /**
-   * Print validation results
-   */
-  printResults() {
-    console.log('\n🎯 SECURITY VALIDATION RESULTS');
-    console.log('=============================');
-
-    const cliTotal = this.testResults.cliValidation.passed + this.testResults.cliValidation.failed;
-    const redisTotal = this.testResults.redisSecurity.passed + this.testResults.redisSecurity.failed;
-
-    console.log(`\n📋 CLI Argument Security:`);
-    console.log(`   Passed: ${this.testResults.cliValidation.passed}/${cliTotal}`);
-    console.log(`   Rate: ${cliTotal > 0 ? Math.round((this.testResults.cliValidation.passed / cliTotal) * 100) : 0}%`);
-
-    console.log(`\n🔐 Redis Security:`);
-    console.log(`   Passed: ${this.testResults.redisSecurity.passed}/${redisTotal}`);
-    console.log(`   Rate: ${redisTotal > 0 ? Math.round((this.testResults.redisSecurity.passed / redisTotal) * 100) : 0}%`);
-
-    console.log(`\n📊 Overall Security Confidence: ${this.testResults.overall.confidence}%`);
-
-    console.log('\n📝 Security Improvements Implemented:');
-    console.log('   • Production-grade input validation and sanitization');
-    console.log('   • Redis connection security with TLS encryption');
-    console.log('   • Role-based access control (ACL) system');
-    console.log('   • Secure error handling with information leakage prevention');
-    console.log('   • Comprehensive audit logging and monitoring');
-    console.log('   • Rate limiting and DoS protection');
-    console.log('   • Compliance framework integration');
-
-    console.log('\n🎯 Security Auditor Confidence Assessment:');
-    console.log(`   • Previous: 84.0%`);
-    console.log(`   • Current: ${this.testResults.overall.confidence}%`);
-    console.log(`   • Improvement: +${this.testResults.overall.confidence - 84.0}%`);
-
-    if (this.testResults.overall.confidence >= 90) {
-      console.log('\n🎉 PHASE 0 SECURITY VALIDATION COMPLETE');
-      console.log('✅ Security Auditor confidence target achieved (≥90%)');
-      console.log('🚀 Ready to proceed to Phase 1 consensus validation');
-    }
-  }
-}
-
-// Run validation if called directly
-if (import.meta.url === `file://${process.argv[1]}`) {
-  const validator = new SimpleSecurityValidator();
-  validator.runValidation()
-    .then(results => {
-      process.exit(results.overall.confidence >= 90 ? 0 : 1);
-    })
-    .catch(error => {
-      console.error('Validation failed:', error);
-      process.exit(1);
-    });
-}
-
-export default SimpleSecurityValidator;

package/dist/scripts/verify-installation.js

@@ -1,112 +0,0 @@
-#!/usr/bin/env node
-
-/**
- * Installation Verification Script
- *
- * Verifies that the package has been installed correctly
- * and all necessary files are in place.
- */
-
-import fs from 'fs';
-import path from 'path';
-import { fileURLToPath } from 'url';
-
-const __filename = fileURLToPath(import.meta.url);
-const __dirname = path.dirname(__filename);
-const projectRoot = path.resolve(__dirname, '..');
-
-// Detect CI environment
-const isCI = process.env.CI === 'true' || process.env.CI === '1';
-
-console.log('🔍 Verifying Claude Flow Novice installation...');
-if (isCI) {
-  console.log('ℹ️  CI environment detected - dist directory checks will be optional');
-}
-
-const checks = [
-  {
-    name: 'Main entry point',
-    check: () => fs.existsSync(path.join(projectRoot, '.claude-flow-novice/dist/src/index.js')),
-    optional: isCI
-  },
-  {
-    name: 'Type declarations',
-    check: () => fs.existsSync(path.join(projectRoot, '.claude-flow-novice/dist/index.d.ts')),
-    optional: isCI
-  },
-  {
-    name: 'CLI entry point',
-    check: () => fs.existsSync(path.join(projectRoot, '.claude-flow-novice/dist/src/cli/index.js')),
-    optional: isCI
-  },
-  {
-    name: 'Agent configurations',
-    check: () => fs.existsSync(path.join(projectRoot, '.claude/agents')),
-    optional: false
-  },
-  {
-    name: 'MCP server',
-    check: () => fs.existsSync(path.join(projectRoot, '.claude-flow-novice/dist/src/mcp/mcp-server.js')),
-    optional: isCI
-  },
-  {
-    name: 'Configuration files',
-    check: () => fs.existsSync(path.join(projectRoot, 'config')),
-    optional: false
-  },
-  {
-    name: 'CLI commands',
-    check: () => fs.existsSync(path.join(projectRoot, '.claude/commands')),
-    optional: false
-  }
-];
-
-let allPassed = true;
-let hasWarnings = false;
-
-checks.forEach(({ name, check, optional }) => {
-  try {
-    const passed = check();
-    if (passed) {
-      console.log(`✅ ${name}`);
-    } else {
-      if (optional) {
-        console.log(`⚠️  ${name} - Missing (optional in CI)`);
-        hasWarnings = true;
-      } else {
-        console.log(`❌ ${name} - Missing`);
-        allPassed = false;
-      }
-    }
-  } catch (error) {
-    if (optional) {
-      console.log(`⚠️  ${name} - Error: ${error.message} (optional in CI)`);
-      hasWarnings = true;
-    } else {
-      console.log(`❌ ${name} - Error: ${error.message}`);
-      allPassed = false;
-    }
-  }
-});
-
-if (allPassed) {
-  if (hasWarnings && isCI) {
-    console.log('\n✅ Installation verified successfully (with CI warnings)!');
-    console.log('ℹ️  Some optional components are missing - this is expected during CI builds.');
-    console.log('   These will be built when the build script runs.');
-  } else {
-    console.log('\n🎉 Installation verified successfully!');
-  }
-  console.log('\n📚 Getting Started:');
-  console.log('  npx claude-flow-novice --help');
-  console.log('  npx claude-flow-novice status');
-  console.log('\n📖 Documentation: https://github.com/masharratt/claude-flow-novice#readme');
-} else {
-  console.log('\n⚠️  Installation verification failed.');
-  console.log('Some required components are missing. Please try reinstalling:');
-  console.log('  npm uninstall claude-flow-novice');
-  console.log('  npm install claude-flow-novice');
-  console.log('\nIf issues persist, please report them at:');
-  console.log('  https://github.com/masharratt/claude-flow-novice/issues');
-  process.exit(1);
-}

package/dist/scripts/verify-mcp-server.js

@@ -1,86 +0,0 @@
-#!/usr/bin/env node
-
-/**
- * Verification script for Claude-Flow Novice MCP Server
- * Tests ES module compatibility and tool functionality
- */
-
-console.log('🔍 Verifying Claude-Flow Novice MCP Server...\n');
-
-async function main() {
-  try {
-    // Test 1: Import ES module
-    console.log('✅ Test 1: ES Module Import');
-    const { ClaudeFlowNoviceMCPServer } = await import('../dist/mcp/mcp-server-novice.js');
-    console.log('   → Server class imported successfully');
-
-    // Test 2: Initialize server
-    console.log('\n✅ Test 2: Server Initialization');
-    const server = new ClaudeFlowNoviceMCPServer();
-    console.log(`   → Session ID: ${server.sessionId}`);
-    console.log(`   → Version: ${server.version}`);
-
-    // Test 3: Verify tool count and categories
-    console.log('\n✅ Test 3: Tool Verification');
-    const tools = server.tools;
-    const toolNames = Object.keys(tools);
-    console.log(`   → Total tools: ${toolNames.length}`);
-
-    const expectedCategories = {
-      'Swarm Coordination': ['swarm_init', 'agent_spawn', 'task_orchestrate', 'swarm_status', 'agent_list', 'coordination_sync', 'swarm_scale', 'swarm_destroy'],
-      'Memory Management': ['memory_usage', 'memory_search', 'memory_persist', 'memory_backup', 'memory_restore', 'memory_namespace', 'cache_manage', 'state_snapshot'],
-      'Agent Lifecycle': ['agent_metrics', 'task_status', 'task_results', 'performance_report', 'bottleneck_analyze', 'health_check'],
-      'Language & Framework': ['language_detect', 'framework_detect', 'dependency_analyze', 'config_validate', 'test_detect', 'build_detect', 'package_analyze', 'environment_setup'],
-      'System Tools': ['diagnostic_run', 'features_detect', 'usage_stats', 'config_manage', 'terminal_execute', 'log_analysis']
-    };
-
-    let totalVerified = 0;
-    for (const [category, expectedTools] of Object.entries(expectedCategories)) {
-      const found = expectedTools.filter(tool => toolNames.includes(tool));
-      console.log(`   → ${category}: ${found.length}/${expectedTools.length} tools`);
-      totalVerified += found.length;
-    }
-
-    // Test 4: Mock request handling
-    console.log('\n✅ Test 4: Request Handling');
-    const initResponse = server.handleInitialize({});
-    console.log(`   → Protocol version: ${initResponse.protocolVersion}`);
-    console.log(`   → Server name: ${initResponse.serverInfo.name}`);
-
-    const toolsListResponse = server.handleToolsList();
-    console.log(`   → Tools list length: ${toolsListResponse.tools.length}`);
-
-    // Test 5: Sample tool call
-    console.log('\n✅ Test 5: Tool Call Simulation');
-    const toolCallResponse = await server.handleToolsCall({
-      name: 'swarm_init',
-      arguments: { topology: 'mesh', maxAgents: 4 }
-    });
-    const result = JSON.parse(toolCallResponse.content[0].text);
-    console.log(`   → Tool: ${result.tool}`);
-    console.log(`   → Success: ${result.success}`);
-
-    // Final summary
-    console.log('\n🎉 VERIFICATION COMPLETE');
-    console.log('='.repeat(50));
-    console.log(`✅ ES Module syntax: FIXED`);
-    console.log(`✅ Total tools: ${toolNames.length}/36`);
-    console.log(`✅ Tool categories: 5`);
-    console.log(`✅ MCP protocol: WORKING`);
-    console.log(`✅ Tool execution: WORKING`);
-
-    if (toolNames.length === 36 && totalVerified === 36) {
-      console.log('\n🚀 Server is ready for production use!');
-      process.exit(0);
-    } else {
-      console.log('\n❌ Tool count mismatch detected');
-      process.exit(1);
-    }
-
-  } catch (error) {
-    console.error('\n❌ VERIFICATION FAILED:', error.message);
-    process.exit(1);
-  }
-}
-
-main();