claude-flow 3.10.43 → 3.10.45

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-flow",
-  "version": "3.10.43",
+  "version": "3.10.45",
   "description": "Ruflo - Enterprise AI agent orchestration for Claude Code. Deploy 60+ specialized agents in coordinated swarms with self-learning, fault-tolerant consensus, vector memory, and MCP integration",
   "main": "dist/index.js",
   "type": "module",

package/v3/@claude-flow/cli/dist/src/commands/hive-mind.js

@@ -251,7 +251,16 @@ async function spawnClaudeCodeInstance(swarmId, swarmName, objective, workers, f
             // HIGH-02: Strict boolean check (=== true) instead of loose truthiness (!== false)
             // to prevent undefined/null from being treated as "skip permissions".
             // Behavior change: only explicit --dangerously-skip-permissions flag triggers skip.
-            const skipPermissions = flags['dangerously-skip-permissions'] === true && !flags['no-auto-permissions'];
+            // #2269: the arg parser normalizes kebab-case to camelCase (parser.ts:350,
+            // normalizeKey) and stores only the normalized key, so reading
+            // flags['dangerously-skip-permissions'] alone is always undefined. Accept
+            // both forms — mirroring the isNonInteractive pattern a few lines above.
+            // The deny clause must ALSO accept the yargs-style negation the parser
+            // produces for `--no-auto-permissions` (stored as `autoPermissions: false`,
+            // NOT `noAutoPermissions: true`); without this third clause, the deny half
+            // never fires and `--no-auto-permissions` is silently ignored.
+            const skipPermissions = (flags['dangerously-skip-permissions'] === true || flags.dangerouslySkipPermissions === true) &&
+                !(flags['no-auto-permissions'] || flags.noAutoPermissions || flags.autoPermissions === false);
             if (skipPermissions) {
                 claudeArgs.push('--dangerously-skip-permissions');
                 if (!isNonInteractive) {

package/v3/@claude-flow/cli/dist/src/memory/memory-bridge.js

@@ -562,26 +562,35 @@ async function rescueAgentdbEmbedder(agentdb) {
     // own embed() does the right thing and we should not interpose.
     if (emb.pipeline)
         return;
-    let generateEmbedding = null;
+    let localEmbed = null;
     try {
         const mod = (await import('./memory-initializer.js'));
-        generateEmbedding = mod.generateEmbedding ?? null;
+        localEmbed = mod.generateLocalEmbedding ?? null;
     }
     catch {
         return; // can't import the rescuer — leave the mock fallback alone
     }
-    if (!generateEmbedding)
+    if (!localEmbed)
         return;
-    const embed = generateEmbedding;
-    // Probe once to confirm the rescuer actually returns real (non-zero) vectors.
-    // If our own fallback chain also dead-ends in mock embeddings, leave
-    // agentdb as-is rather than swapping one mock for another.
+    const embed = localEmbed;
+    // Probe once to confirm the rescuer actually returns REAL ONNX vectors
+    // (#2312: the old probe only checked non-zero, which the deterministic
+    // hash fallback also satisfies — so it "rescued" agentdb's mock with our
+    // own mock and reported it as real). Require backend === 'onnx'.
     try {
         const probe = await embed('rescue-probe');
         const arr = probe?.embedding ? Array.from(probe.embedding) : [];
         const hasSignal = arr.length > 0 && arr.some((v) => Math.abs(v) > 1e-9);
-        if (!hasSignal)
+        if (!hasSignal || probe.backend !== 'onnx') {
+            // Local chain is also degraded — leave agentdb's embedder alone, but
+            // tag it so bridgeGenerateEmbedding's AUDIT-#3 isMock check reports
+            // backend='mock' truthfully instead of labeling mock vectors 'onnx'.
+            try {
+                emb.backend = 'mock';
+            }
+            catch { /* frozen */ }
             return;
+        }
     }
     catch {
         return;

package/v3/@claude-flow/cli/dist/src/memory/memory-initializer.d.ts

@@ -269,6 +269,27 @@ export declare function generateEmbedding(text: string): Promise<{
     model: string;
     backend: 'onnx' | 'mock';
 }>;
+/**
+ * Generate an embedding using ONLY the local model chain (transformers.js /
+ * ruvector ONNX / hash fallback) — never the AgentDB bridge.
+ *
+ * #2312: this MUST stay bridge-free. `memory-bridge.ts` rescues a degraded
+ * agentdb embedder by delegating to this module; if that delegation went
+ * through `generateEmbedding` (bridge-first), the call would re-enter the
+ * patched `agentdb.embedder.embed` and recurse unboundedly:
+ *
+ *   generateEmbedding → bridgeGenerateEmbedding → embedder.embed (patched)
+ *     → generateEmbedding → … (heap OOM at ~4 GB on CI, no stack overflow
+ *     because the cycle is async/microtask-driven)
+ *
+ * Keeping the local chain as its own export breaks that cycle structurally.
+ */
+export declare function generateLocalEmbedding(text: string): Promise<{
+    embedding: number[];
+    dimensions: number;
+    model: string;
+    backend: 'onnx' | 'mock';
+}>;
 /**
  * Generate embeddings for multiple texts
  * Uses parallel execution for API-based providers (2-4x faster)

package/v3/@claude-flow/cli/dist/src/memory/memory-initializer.js

@@ -1609,6 +1609,24 @@ export async function generateEmbedding(text) {
             return { ...bridgeResult, backend };
         }
     }
+    return generateLocalEmbedding(text);
+}
+/**
+ * Generate an embedding using ONLY the local model chain (transformers.js /
+ * ruvector ONNX / hash fallback) — never the AgentDB bridge.
+ *
+ * #2312: this MUST stay bridge-free. `memory-bridge.ts` rescues a degraded
+ * agentdb embedder by delegating to this module; if that delegation went
+ * through `generateEmbedding` (bridge-first), the call would re-enter the
+ * patched `agentdb.embedder.embed` and recurse unboundedly:
+ *
+ *   generateEmbedding → bridgeGenerateEmbedding → embedder.embed (patched)
+ *     → generateEmbedding → … (heap OOM at ~4 GB on CI, no stack overflow
+ *     because the cycle is async/microtask-driven)
+ *
+ * Keeping the local chain as its own export breaks that cycle structurally.
+ */
+export async function generateLocalEmbedding(text) {
     // Ensure model is loaded
     if (!embeddingModelState?.loaded) {
         await loadEmbeddingModel();

package/v3/@claude-flow/cli/dist/src/plugins/manager.js

@@ -8,6 +8,19 @@ import * as path from 'path';
 import { execFile } from 'child_process';
 import { promisify } from 'util';
 const execFileAsync = promisify(execFile);
+// On Windows, `npm` is a shell script (no `.exe`) and `npm.cmd` is a batch
+// wrapper. Since Node 18.20.2 / 20.12.2 (CVE-2024-27980) the runtime refuses
+// to spawn `.cmd`/`.bat` files directly and throws `spawn EINVAL` — the only
+// supported invocation is via a real `.exe` shell. We wrap every npm call
+// through `cmd.exe /d /s /c npm <args>`, which keeps Node's safe array-form
+// argument escaping intact and avoids both ENOENT and EINVAL.
+const isWindows = process.platform === 'win32';
+function runNpm(args, timeoutMs) {
+    if (isWindows) {
+        return execFileAsync('cmd.exe', ['/d', '/s', '/c', 'npm', ...args], { timeout: timeoutMs });
+    }
+    return execFileAsync('npm', args, { timeout: timeoutMs });
+}
 /**
  * Validate npm package name to prevent shell injection (S-3)
  */
@@ -105,7 +118,7 @@ export class PluginManager {
             validatePackageName(versionSpec);
             // Use npm to install (array form prevents shell injection)
             console.log(`[PluginManager] Installing ${versionSpec}...`);
-            await execFileAsync('npm', ['install', '--prefix', this.config.pluginsDir, versionSpec], { timeout: 120000 });
+            await runNpm(['install', '--prefix', this.config.pluginsDir, versionSpec], 120000);
             // Get installed version
             const packageJsonPath = path.join(installDir, packageName, 'package.json');
             let installedVersion = version || 'latest';
@@ -210,7 +223,7 @@ export class PluginManager {
             // For npm-installed plugins, remove from node_modules
             if (plugin.source === 'npm') {
                 validatePackageName(packageName);
-                await execFileAsync('npm', ['uninstall', '--prefix', this.config.pluginsDir, packageName], { timeout: 60000 });
+                await runNpm(['uninstall', '--prefix', this.config.pluginsDir, packageName], 60000);
             }
             // Remove from manifest
             delete this.manifest.plugins[packageName];
@@ -333,7 +346,7 @@ export class PluginManager {
             // Validate package name to prevent injection (S-3)
             validatePackageName(versionSpec);
             // Reinstall with new version (array form prevents shell injection)
-            await execFileAsync('npm', ['install', '--prefix', this.config.pluginsDir, versionSpec], { timeout: 120000 });
+            await runNpm(['install', '--prefix', this.config.pluginsDir, versionSpec], 120000);
             // Update manifest
             const installDir = path.join(this.config.pluginsDir, 'node_modules');
             const packageJsonPath = path.join(installDir, packageName, 'package.json');

package/v3/@claude-flow/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@claude-flow/cli",
-  "version": "3.10.43",
+  "version": "3.10.45",
   "type": "module",
   "description": "Ruflo CLI - Enterprise AI agent orchestration with 60+ specialized agents, swarm coordination, MCP server, self-learning hooks, and vector memory for Claude Code",
   "main": "dist/src/index.js",