claude-flow 2.5.0-alpha.141 → 2.7.0-alpha.1

package/src/reasoningbank/reasoningbank-adapter.js

@@ -0,0 +1,191 @@
+/**
+ * ReasoningBank Adapter for Claude-Flow
+ *
+ * Wraps agentic-flow's ReasoningBank SDK for use in claude-flow memory commands
+ */
+
+import {  db, initialize, retrieveMemories, computeEmbedding, loadConfig } from 'agentic-flow/dist/reasoningbank/index.js';
+import { v4 as uuidv4 } from 'uuid';
+
+/**
+ * Initialize ReasoningBank database
+ */
+export async function initializeReasoningBank() {
+  // Set database path
+  process.env.CLAUDE_FLOW_DB_PATH = '.swarm/memory.db';
+
+  await initialize();
+  return true;
+}
+
+/**
+ * Store a memory in ReasoningBank
+ */
+export async function storeMemory(key, value, options = {}) {
+  const memoryId = `mem_${uuidv4()}`;
+
+  const memory = {
+    id: memoryId,
+    type: options.type || 'fact',
+    pattern_data: JSON.stringify({
+      key,
+      value,
+      namespace: options.namespace || 'default',
+      agent: options.agent || 'memory-agent',
+      domain: options.domain || 'general',
+    }),
+    confidence: options.confidence || 0.8,
+    usage_count: 0,
+    created_at: new Date().toISOString(),
+  };
+
+  // Store memory
+  db.upsertMemory(memory);
+
+  // Compute and store embedding for semantic search
+  try {
+    const config = loadConfig();
+    const embeddingModel = config.embeddings.provider || 'claude';
+
+    const embedding = await computeEmbedding(`${key}: ${value}`);
+    const vectorArray = new Float32Array(embedding);
+
+    db.upsertEmbedding({
+      memory_id: memoryId,
+      vector: vectorArray,
+      model: embeddingModel,  // Dynamic model from config
+      dims: vectorArray.length,  // Required: embedding dimensions
+      created_at: new Date().toISOString(),
+    });
+  } catch (error) {
+    console.warn('[ReasoningBank] Warning: Could not compute embedding:', error.message);
+    // Continue without embedding - memory is still stored
+  }
+
+  return memoryId;
+}
+
+/**
+ * Query memories from ReasoningBank
+ */
+export async function queryMemories(searchQuery, options = {}) {
+  try {
+    // Use ReasoningBank's semantic retrieval
+    const memories = await retrieveMemories(searchQuery, {
+      domain: options.domain || 'general',
+      agent: options.agent || 'memory-agent',
+      k: options.limit || 10,
+    });
+
+    return memories.map(mem => {
+      try {
+        const data = JSON.parse(mem.pattern_data);
+        return {
+          id: mem.id,
+          key: data.key,
+          value: data.value,
+          namespace: data.namespace,
+          confidence: mem.confidence,
+          usage_count: mem.usage_count,
+          created_at: mem.created_at,
+          score: mem.score || 0,
+        };
+      } catch {
+        return null;
+      }
+    }).filter(Boolean);
+  } catch (error) {
+    // Fallback to simple query if semantic search fails
+    console.warn('[ReasoningBank] Semantic search failed, using simple query:', error.message);
+
+    const dbInstance = db.getDb();
+    const rows = dbInstance.prepare(`
+      SELECT * FROM patterns
+      WHERE pattern_data LIKE ?
+      ORDER BY confidence DESC, usage_count DESC
+      LIMIT ?
+    `).all(`%${searchQuery}%`, options.limit || 10);
+
+    return rows.map(row => {
+      try {
+        const data = JSON.parse(row.pattern_data);
+        return {
+          id: row.id,
+          key: data.key,
+          value: data.value,
+          namespace: data.namespace,
+          confidence: row.confidence,
+          usage_count: row.usage_count,
+          created_at: row.created_at,
+        };
+      } catch {
+        return null;
+      }
+    }).filter(Boolean);
+  }
+}
+
+/**
+ * List all memories
+ */
+export async function listMemories(options = {}) {
+  const dbInstance = db.getDb();
+
+  const limit = options.limit || 10;
+  const sortBy = options.sort || 'created_at';
+  const sortOrder = options.order || 'DESC';
+
+  const rows = dbInstance.prepare(`
+    SELECT * FROM patterns
+    ORDER BY ${sortBy} ${sortOrder}
+    LIMIT ?
+  `).all(limit);
+
+  return rows.map(row => {
+    try {
+      const data = JSON.parse(row.pattern_data);
+      return {
+        id: row.id,
+        key: data.key,
+        value: data.value,
+        namespace: data.namespace,
+        confidence: row.confidence,
+        usage_count: row.usage_count,
+        created_at: row.created_at,
+      };
+    } catch {
+      return null;
+    }
+  }).filter(Boolean);
+}
+
+/**
+ * Get ReasoningBank statistics
+ */
+export async function getStatus() {
+  const dbInstance = db.getDb();
+
+  const stats = dbInstance.prepare(`
+    SELECT
+      COUNT(*) as total_memories,
+      AVG(confidence) as avg_confidence,
+      SUM(usage_count) as total_usage
+    FROM patterns
+  `).get();
+
+  const embeddingCount = dbInstance.prepare(`
+    SELECT COUNT(*) as count FROM pattern_embeddings
+  `).get();
+
+  const trajectoryCount = dbInstance.prepare(`
+    SELECT COUNT(*) as count FROM task_trajectories
+  `).get();
+
+  return {
+    total_memories: stats.total_memories || 0,
+    avg_confidence: stats.avg_confidence || 0,
+    total_usage: stats.total_usage || 0,
+    total_embeddings: embeddingCount.count || 0,
+    total_trajectories: trajectoryCount.count || 0,
+  };
+}

package/src/utils/key-redactor.js

@@ -0,0 +1,178 @@
+/**
+ * API Key Redaction Utility
+ * Prevents sensitive data from leaking into logs, memory, or git commits
+ */
+
+export class KeyRedactor {
+  static API_KEY_PATTERNS = [
+    // Anthropic API keys
+    /sk-ant-[a-zA-Z0-9_-]{95,}/gi,
+
+    // OpenRouter API keys
+    /sk-or-[a-zA-Z0-9_-]{32,}/gi,
+
+    // Google/Gemini API keys
+    /AIza[a-zA-Z0-9_-]{35}/gi,
+
+    // Generic API keys
+    /[a-zA-Z0-9_-]{20,}API[a-zA-Z0-9_-]{20,}/gi,
+
+    // Bearer tokens
+    /Bearer\s+[a-zA-Z0-9_\-\.]{20,}/gi,
+
+    // Environment variable format
+    /([A-Z_]+_API_KEY|[A-Z_]+_TOKEN|[A-Z_]+_SECRET)=["']?([^"'\s]+)["']?/gi,
+
+    // Supabase keys
+    /eyJ[a-zA-Z0-9_-]*\.eyJ[a-zA-Z0-9_-]*\.[a-zA-Z0-9_-]*/gi,
+  ];
+
+  static SENSITIVE_FIELDS = [
+    'apiKey',
+    'api_key',
+    'token',
+    'secret',
+    'password',
+    'private_key',
+    'privateKey',
+    'accessToken',
+    'access_token',
+    'refreshToken',
+    'refresh_token',
+  ];
+
+  /**
+   * Redact API keys and sensitive data from text
+   */
+  static redact(text, showPrefix = true) {
+    if (!text) return text;
+
+    let redacted = text;
+
+    // Redact using patterns
+    this.API_KEY_PATTERNS.forEach(pattern => {
+      redacted = redacted.replace(pattern, (match) => {
+        if (showPrefix && match.length > 8) {
+          const prefix = match.substring(0, 8);
+          return `${prefix}...[REDACTED]`;
+        }
+        return '[REDACTED_API_KEY]';
+      });
+    });
+
+    return redacted;
+  }
+
+  /**
+   * Redact sensitive fields in objects
+   */
+  static redactObject(obj, deep = true) {
+    if (!obj || typeof obj !== 'object') return obj;
+
+    const redacted = { ...obj };
+
+    Object.keys(redacted).forEach(key => {
+      const lowerKey = key.toLowerCase();
+
+      // Check if field name is sensitive
+      const isSensitive = this.SENSITIVE_FIELDS.some(field =>
+        lowerKey.includes(field)
+      );
+
+      if (isSensitive && typeof redacted[key] === 'string') {
+        const value = redacted[key];
+        if (value && value.length > 8) {
+          redacted[key] = `${value.substring(0, 4)}...[REDACTED]`;
+        } else {
+          redacted[key] = '[REDACTED]';
+        }
+      } else if (deep && typeof redacted[key] === 'object' && redacted[key] !== null) {
+        redacted[key] = this.redactObject(redacted[key], deep);
+      } else if (typeof redacted[key] === 'string') {
+        // Redact any API keys in string values
+        redacted[key] = this.redact(redacted[key]);
+      }
+    });
+
+    return redacted;
+  }
+
+  /**
+   * Sanitize text for safe logging
+   */
+  static sanitize(text) {
+    return this.redact(text, true);
+  }
+
+  /**
+   * Sanitize command arguments
+   */
+  static sanitizeArgs(args) {
+    return args.map(arg => {
+      // Check if arg is a flag value pair
+      if (arg.includes('key') || arg.includes('token') || arg.includes('secret')) {
+        return this.redact(arg);
+      }
+      return arg;
+    });
+  }
+
+  /**
+   * Check if text contains unredacted sensitive data
+   */
+  static containsSensitiveData(text) {
+    return this.API_KEY_PATTERNS.some(pattern => pattern.test(text));
+  }
+
+  /**
+   * Validate that text is safe for logging/storage
+   */
+  static validate(text) {
+    const warnings = [];
+
+    this.API_KEY_PATTERNS.forEach((pattern, index) => {
+      if (pattern.test(text)) {
+        warnings.push(`Potential API key detected (pattern ${index + 1})`);
+      }
+    });
+
+    return {
+      safe: warnings.length === 0,
+      warnings,
+    };
+  }
+
+  /**
+   * Redact environment variables
+   */
+  static redactEnv(env) {
+    const redacted = {};
+
+    Object.keys(env).forEach(key => {
+      const value = env[key];
+      if (!value) {
+        redacted[key] = '';
+        return;
+      }
+
+      const lowerKey = key.toLowerCase();
+      const isSensitive = lowerKey.includes('key') ||
+                         lowerKey.includes('token') ||
+                         lowerKey.includes('secret') ||
+                         lowerKey.includes('password');
+
+      if (isSensitive) {
+        redacted[key] = value.length > 8
+          ? `${value.substring(0, 4)}...[REDACTED]`
+          : '[REDACTED]';
+      } else {
+        redacted[key] = value;
+      }
+    });
+
+    return redacted;
+  }
+}
+
+// Export singleton instance
+export const redactor = KeyRedactor;

package/src/utils/key-redactor.ts

@@ -0,0 +1,184 @@
+/**
+ * API Key Redaction Utility
+ * Prevents sensitive data from leaking into logs, memory, or git commits
+ */
+
+export interface RedactionConfig {
+  patterns: RegExp[];
+  replacement: string;
+  maskLength: number;
+}
+
+export class KeyRedactor {
+  private static readonly API_KEY_PATTERNS = [
+    // Anthropic API keys
+    /sk-ant-[a-zA-Z0-9_-]{95,}/gi,
+
+    // OpenRouter API keys
+    /sk-or-[a-zA-Z0-9_-]{32,}/gi,
+
+    // Google/Gemini API keys
+    /AIza[a-zA-Z0-9_-]{35}/gi,
+
+    // Generic API keys
+    /[a-zA-Z0-9_-]{20,}API[a-zA-Z0-9_-]{20,}/gi,
+
+    // Bearer tokens
+    /Bearer\s+[a-zA-Z0-9_\-\.]{20,}/gi,
+
+    // Environment variable format
+    /([A-Z_]+_API_KEY|[A-Z_]+_TOKEN|[A-Z_]+_SECRET)=["']?([^"'\s]+)["']?/gi,
+
+    // Supabase keys
+    /eyJ[a-zA-Z0-9_-]*\.eyJ[a-zA-Z0-9_-]*\.[a-zA-Z0-9_-]*/gi,
+  ];
+
+  private static readonly SENSITIVE_FIELDS = [
+    'apiKey',
+    'api_key',
+    'token',
+    'secret',
+    'password',
+    'private_key',
+    'privateKey',
+    'accessToken',
+    'access_token',
+    'refreshToken',
+    'refresh_token',
+  ];
+
+  /**
+   * Redact API keys and sensitive data from text
+   */
+  static redact(text: string, showPrefix = true): string {
+    if (!text) return text;
+
+    let redacted = text;
+
+    // Redact using patterns
+    this.API_KEY_PATTERNS.forEach(pattern => {
+      redacted = redacted.replace(pattern, (match) => {
+        if (showPrefix && match.length > 8) {
+          const prefix = match.substring(0, 8);
+          return `${prefix}...[REDACTED]`;
+        }
+        return '[REDACTED_API_KEY]';
+      });
+    });
+
+    return redacted;
+  }
+
+  /**
+   * Redact sensitive fields in objects
+   */
+  static redactObject<T extends Record<string, any>>(obj: T, deep = true): T {
+    if (!obj || typeof obj !== 'object') return obj;
+
+    const redacted = { ...obj };
+
+    Object.keys(redacted).forEach(key => {
+      const lowerKey = key.toLowerCase();
+
+      // Check if field name is sensitive
+      const isSensitive = this.SENSITIVE_FIELDS.some(field =>
+        lowerKey.includes(field)
+      );
+
+      if (isSensitive && typeof redacted[key] === 'string') {
+        const value = redacted[key] as string;
+        if (value && value.length > 8) {
+          redacted[key] = `${value.substring(0, 4)}...[REDACTED]` as any;
+        } else {
+          redacted[key] = '[REDACTED]' as any;
+        }
+      } else if (deep && typeof redacted[key] === 'object' && redacted[key] !== null) {
+        redacted[key] = this.redactObject(redacted[key], deep);
+      } else if (typeof redacted[key] === 'string') {
+        // Redact any API keys in string values
+        redacted[key] = this.redact(redacted[key]) as any;
+      }
+    });
+
+    return redacted;
+  }
+
+  /**
+   * Sanitize text for safe logging
+   */
+  static sanitize(text: string): string {
+    return this.redact(text, true);
+  }
+
+  /**
+   * Sanitize command arguments
+   */
+  static sanitizeArgs(args: string[]): string[] {
+    return args.map(arg => {
+      // Check if arg is a flag value pair
+      if (arg.includes('key') || arg.includes('token') || arg.includes('secret')) {
+        return this.redact(arg);
+      }
+      return arg;
+    });
+  }
+
+  /**
+   * Check if text contains unredacted sensitive data
+   */
+  static containsSensitiveData(text: string): boolean {
+    return this.API_KEY_PATTERNS.some(pattern => pattern.test(text));
+  }
+
+  /**
+   * Validate that text is safe for logging/storage
+   */
+  static validate(text: string): { safe: boolean; warnings: string[] } {
+    const warnings: string[] = [];
+
+    this.API_KEY_PATTERNS.forEach((pattern, index) => {
+      if (pattern.test(text)) {
+        warnings.push(`Potential API key detected (pattern ${index + 1})`);
+      }
+    });
+
+    return {
+      safe: warnings.length === 0,
+      warnings,
+    };
+  }
+
+  /**
+   * Redact environment variables
+   */
+  static redactEnv(env: Record<string, string | undefined>): Record<string, string> {
+    const redacted: Record<string, string> = {};
+
+    Object.keys(env).forEach(key => {
+      const value = env[key];
+      if (!value) {
+        redacted[key] = '';
+        return;
+      }
+
+      const lowerKey = key.toLowerCase();
+      const isSensitive = lowerKey.includes('key') ||
+                         lowerKey.includes('token') ||
+                         lowerKey.includes('secret') ||
+                         lowerKey.includes('password');
+
+      if (isSensitive) {
+        redacted[key] = value.length > 8
+          ? `${value.substring(0, 4)}...[REDACTED]`
+          : '[REDACTED]';
+      } else {
+        redacted[key] = value;
+      }
+    });
+
+    return redacted;
+  }
+}
+
+// Export singleton instance
+export const redactor = KeyRedactor;