claude-flow 3.23.0 → 3.25.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude/.proven-config-version +1 -0
- package/.claude/helpers/.helpers-version +1 -1
- package/.claude/helpers/helpers.manifest.json +2 -2
- package/.claude/proven-config.json +42 -0
- package/package.json +1 -1
- package/v3/@claude-flow/cli/dist/src/config/harness-feedback-applier.d.ts +50 -0
- package/v3/@claude-flow/cli/dist/src/config/harness-feedback-applier.js +122 -0
- package/v3/@claude-flow/cli/dist/src/config/proven-config-refresh.d.ts +39 -0
- package/v3/@claude-flow/cli/dist/src/config/proven-config-refresh.js +154 -0
- package/v3/@claude-flow/cli/dist/src/config/proven-config-rvfa.d.ts +23 -0
- package/v3/@claude-flow/cli/dist/src/config/proven-config-rvfa.js +73 -0
- package/v3/@claude-flow/cli/dist/src/config/proven-config.d.ts +86 -0
- package/v3/@claude-flow/cli/dist/src/config/proven-config.js +176 -0
- package/v3/@claude-flow/cli/dist/src/index.js +35 -0
- package/v3/@claude-flow/cli/dist/src/mcp-tools/neural-tools.d.ts +10 -0
- package/v3/@claude-flow/cli/dist/src/mcp-tools/neural-tools.js +129 -20
- package/v3/@claude-flow/cli/dist/src/ruvector/lattice-wasm.d.ts +14 -0
- package/v3/@claude-flow/cli/dist/src/ruvector/lattice-wasm.js +144 -0
- package/v3/@claude-flow/cli/dist/src/services/daemon-autostart.d.ts +17 -0
- package/v3/@claude-flow/cli/dist/src/services/daemon-autostart.js +79 -0
- package/v3/@claude-flow/cli/dist/src/services/evolve-proof.d.ts +253 -0
- package/v3/@claude-flow/cli/dist/src/services/evolve-proof.js +343 -0
- package/v3/@claude-flow/cli/dist/src/services/harness-benchmark.d.ts +68 -0
- package/v3/@claude-flow/cli/dist/src/services/harness-benchmark.js +94 -0
- package/v3/@claude-flow/cli/dist/src/services/harness-canary.d.ts +60 -0
- package/v3/@claude-flow/cli/dist/src/services/harness-canary.js +69 -0
- package/v3/@claude-flow/cli/dist/src/services/harness-corpus-harvester.d.ts +51 -0
- package/v3/@claude-flow/cli/dist/src/services/harness-corpus-harvester.js +74 -0
- package/v3/@claude-flow/cli/dist/src/services/harness-flywheel-generations.d.ts +115 -0
- package/v3/@claude-flow/cli/dist/src/services/harness-flywheel-generations.js +360 -0
- package/v3/@claude-flow/cli/dist/src/services/harness-flywheel-runtime.d.ts +25 -0
- package/v3/@claude-flow/cli/dist/src/services/harness-flywheel-runtime.js +92 -0
- package/v3/@claude-flow/cli/dist/src/services/harness-flywheel.d.ts +48 -0
- package/v3/@claude-flow/cli/dist/src/services/harness-flywheel.js +207 -0
- package/v3/@claude-flow/cli/dist/src/services/harness-frozen-eval.d.ts +22 -0
- package/v3/@claude-flow/cli/dist/src/services/harness-frozen-eval.js +66 -0
- package/v3/@claude-flow/cli/dist/src/services/harness-hosts.d.ts +40 -0
- package/v3/@claude-flow/cli/dist/src/services/harness-hosts.js +88 -0
- package/v3/@claude-flow/cli/dist/src/services/harness-improvement-ledger.d.ts +63 -0
- package/v3/@claude-flow/cli/dist/src/services/harness-improvement-ledger.js +101 -0
- package/v3/@claude-flow/cli/dist/src/services/harness-loop.d.ts +53 -0
- package/v3/@claude-flow/cli/dist/src/services/harness-loop.js +85 -0
- package/v3/@claude-flow/cli/dist/src/services/harness-qualification.d.ts +66 -0
- package/v3/@claude-flow/cli/dist/src/services/harness-qualification.js +143 -0
- package/v3/@claude-flow/cli/dist/src/services/harness-replay.d.ts +37 -0
- package/v3/@claude-flow/cli/dist/src/services/harness-replay.js +92 -0
- package/v3/@claude-flow/cli/dist/src/services/harness-verify.d.ts +33 -0
- package/v3/@claude-flow/cli/dist/src/services/harness-verify.js +26 -0
- package/v3/@claude-flow/cli/dist/src/services/harness-worker.d.ts +23 -0
- package/v3/@claude-flow/cli/dist/src/services/harness-worker.js +66 -0
- package/v3/@claude-flow/cli/dist/src/services/worker-daemon.d.ts +8 -1
- package/v3/@claude-flow/cli/dist/src/services/worker-daemon.js +42 -0
- package/v3/@claude-flow/cli/package.json +1 -1
|
@@ -0,0 +1 @@
|
|
|
1
|
+
sha256:6141a8ea990c5063b77e090ae8f37f9c539d8aa8f58dcceb30f3a82f97e57319
|
|
@@ -1 +1 @@
|
|
|
1
|
-
3.
|
|
1
|
+
3.23.0
|
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
{
|
|
2
2
|
"manifest": {
|
|
3
|
-
"version": "3.
|
|
3
|
+
"version": "3.23.0",
|
|
4
4
|
"files": {
|
|
5
5
|
"auto-memory-hook.mjs": "68be7e9a9eba7bf9c4e8a230db7bf61a243b965639f8504842799d6c6ca28762",
|
|
6
6
|
"hook-handler.cjs": "bc4d2d26823d49b3ab1dded2946b66369f1f67bd76b4c30dca9f3b6df3cca8f0",
|
|
7
7
|
"intelligence.cjs": "760cb82ed2000031abc1ac1fa90a014e7d91d93966e3aa4741b07ab7aff8d066"
|
|
8
8
|
}
|
|
9
9
|
},
|
|
10
|
-
"signature": "
|
|
10
|
+
"signature": "of5l9RP68iPcmcC5dckDv+KIOiENJKifWxYKwQTwAiXiyRNNZuMwQ8y8Bd8+wGviTRxIzBfSuxL1nuJ/rX3xDQ==",
|
|
11
11
|
"algorithm": "ed25519"
|
|
12
12
|
}
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
{
|
|
2
|
+
"adoptedAt": 1783265769778,
|
|
3
|
+
"championId": "sha256:6141a8ea990c5063b77e090ae8f37f9c539d8aa8f58dcceb30f3a82f97e57319",
|
|
4
|
+
"manifest": {
|
|
5
|
+
"schema": "ruflo.proven-config/v1",
|
|
6
|
+
"policy": {
|
|
7
|
+
"ref": "sha256:6141a8ea990c5063b77e090ae8f37f9c539d8aa8f58dcceb30f3a82f97e57319",
|
|
8
|
+
"value": {
|
|
9
|
+
"alpha": 0.3,
|
|
10
|
+
"subjectWeight": 1,
|
|
11
|
+
"mmrLambda": 0.5,
|
|
12
|
+
"bodyWeight": 1.5,
|
|
13
|
+
"typePenaltyFactor": 0.5
|
|
14
|
+
}
|
|
15
|
+
},
|
|
16
|
+
"layer": "framework/node-cli",
|
|
17
|
+
"compatibility": {
|
|
18
|
+
"ruflo": ">=3.24.0"
|
|
19
|
+
},
|
|
20
|
+
"benchmark": {
|
|
21
|
+
"corpus": "ADR-081-labelled-v1",
|
|
22
|
+
"corpusHash": "sha256:2f700b5c363e20a3bd88ce2bc9b87bbbbaa61732c6177894c6ec37890f888982"
|
|
23
|
+
},
|
|
24
|
+
"receipt": {
|
|
25
|
+
"heldOutDelta": 0.07381404928570845,
|
|
26
|
+
"redblue": "PASS",
|
|
27
|
+
"drift": 0,
|
|
28
|
+
"canary": {
|
|
29
|
+
"rollbackRate": 0,
|
|
30
|
+
"latencyP95": 244.612458000076,
|
|
31
|
+
"costPerTask": 0
|
|
32
|
+
},
|
|
33
|
+
"receiptCoverage": 1
|
|
34
|
+
},
|
|
35
|
+
"platform": [
|
|
36
|
+
"linux",
|
|
37
|
+
"macOS",
|
|
38
|
+
"windows"
|
|
39
|
+
]
|
|
40
|
+
},
|
|
41
|
+
"previous": ""
|
|
42
|
+
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "claude-flow",
|
|
3
|
-
"version": "3.
|
|
3
|
+
"version": "3.25.0",
|
|
4
4
|
"description": "Ruflo - Enterprise AI agent orchestration for Claude Code. Deploy 60+ specialized agents in coordinated swarms with self-learning, fault-tolerant consensus, vector memory, and MCP integration",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"type": "module",
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
export declare const ADOPTED_CONFIG_FILE = "proven-config.json";
|
|
2
|
+
export declare const ACTIVE_POLICY_FILE = "harness-active-policy.json";
|
|
3
|
+
export interface ActivePolicy {
|
|
4
|
+
championId: string;
|
|
5
|
+
provenanceTier: string;
|
|
6
|
+
layer?: string;
|
|
7
|
+
appliedAt: number;
|
|
8
|
+
previous?: string | null;
|
|
9
|
+
rolledBack?: boolean;
|
|
10
|
+
params?: Record<string, unknown>;
|
|
11
|
+
}
|
|
12
|
+
export interface ApplyResult {
|
|
13
|
+
applied: boolean;
|
|
14
|
+
from?: string | null;
|
|
15
|
+
to?: string;
|
|
16
|
+
reason?: string;
|
|
17
|
+
}
|
|
18
|
+
/**
|
|
19
|
+
* Apply the adopted champion to the active harness policy. Idempotent (applying
|
|
20
|
+
* the same champion is a no-op), reversible (records the superseded champion),
|
|
21
|
+
* best-effort. `now` is injectable for tests.
|
|
22
|
+
*/
|
|
23
|
+
export declare function applyChampion(cwd: string, opts?: {
|
|
24
|
+
now?: number;
|
|
25
|
+
}): ApplyResult;
|
|
26
|
+
/**
|
|
27
|
+
* Apply a champion directly by its config payload (local self-optimization,
|
|
28
|
+
* ADR-176 flywheel). Unlike applyChampion (which reads a propagated, signed,
|
|
29
|
+
* adopted record), this activates a LOCALLY-mined champion that just cleared the
|
|
30
|
+
* install's own measured gate — no signing, because nothing is propagated. Still
|
|
31
|
+
* reversible (records `previous`) and idempotent. Consumers read `params`.
|
|
32
|
+
*/
|
|
33
|
+
export declare function applyChampionParams(cwd: string, opts: {
|
|
34
|
+
championId: string;
|
|
35
|
+
params?: Record<string, unknown>;
|
|
36
|
+
layer?: string;
|
|
37
|
+
previous?: string | null;
|
|
38
|
+
now?: number;
|
|
39
|
+
}): ApplyResult;
|
|
40
|
+
/**
|
|
41
|
+
* Reverse the last apply: point the active policy back at its `previous`
|
|
42
|
+
* champion (reversibility, ADR-177 rollback pointer). No-op if there is no
|
|
43
|
+
* previous. The previous champion's policy is fetched by ref by consumers.
|
|
44
|
+
*/
|
|
45
|
+
export declare function rollbackActivePolicy(cwd: string, opts?: {
|
|
46
|
+
now?: number;
|
|
47
|
+
}): ApplyResult;
|
|
48
|
+
/** The champion routing/agents should currently use, or null. */
|
|
49
|
+
export declare function activeChampion(cwd: string): ActivePolicy | null;
|
|
50
|
+
//# sourceMappingURL=harness-feedback-applier.d.ts.map
|
|
@@ -0,0 +1,122 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Feedback applier — close the loop (ADR-176 phase 9).
|
|
3
|
+
*
|
|
4
|
+
* A proven champion adopted by the propagation channel (ADR-177,
|
|
5
|
+
* proven-config-refresh.ts writes `.claude/proven-config.json`) is inert until
|
|
6
|
+
* something *applies* it to what ruflo actually runs. This applier promotes the
|
|
7
|
+
* adopted champion to the ACTIVE harness policy that routing/agents consume —
|
|
8
|
+
* reversibly (keeps the previous pointer) and provenance-tagged (ADR-171), so
|
|
9
|
+
* it composes with the promote-gate discipline rather than bypassing it. It only
|
|
10
|
+
* ever sets a pointer to a proven, signed champion; it never invents config.
|
|
11
|
+
* Zero deps, $0.
|
|
12
|
+
*/
|
|
13
|
+
import * as fs from 'fs';
|
|
14
|
+
import * as path from 'path';
|
|
15
|
+
export const ADOPTED_CONFIG_FILE = 'proven-config.json'; // written by proven-config-refresh (in .claude)
|
|
16
|
+
export const ACTIVE_POLICY_FILE = 'harness-active-policy.json'; // consumed by routing/agents (in .claude-flow)
|
|
17
|
+
function readJson(p) {
|
|
18
|
+
try {
|
|
19
|
+
return JSON.parse(fs.readFileSync(p, 'utf-8'));
|
|
20
|
+
}
|
|
21
|
+
catch {
|
|
22
|
+
return null;
|
|
23
|
+
}
|
|
24
|
+
}
|
|
25
|
+
/**
|
|
26
|
+
* Apply the adopted champion to the active harness policy. Idempotent (applying
|
|
27
|
+
* the same champion is a no-op), reversible (records the superseded champion),
|
|
28
|
+
* best-effort. `now` is injectable for tests.
|
|
29
|
+
*/
|
|
30
|
+
export function applyChampion(cwd, opts = {}) {
|
|
31
|
+
try {
|
|
32
|
+
const claudeDir = path.join(cwd, '.claude');
|
|
33
|
+
const adopted = readJson(path.join(claudeDir, ADOPTED_CONFIG_FILE));
|
|
34
|
+
if (!adopted?.championId)
|
|
35
|
+
return { applied: false, reason: 'no adopted champion' };
|
|
36
|
+
const cfDir = path.join(cwd, '.claude-flow');
|
|
37
|
+
const activePath = path.join(cfDir, ACTIVE_POLICY_FILE);
|
|
38
|
+
const current = readJson(activePath);
|
|
39
|
+
if (current?.championId === adopted.championId && !current.rolledBack) {
|
|
40
|
+
return { applied: false, reason: 'already active' }; // idempotent
|
|
41
|
+
}
|
|
42
|
+
const active = {
|
|
43
|
+
championId: adopted.championId,
|
|
44
|
+
// A champion only reaches adoption if it cleared the promote-gate, so it is
|
|
45
|
+
// oracle/judge-backed; proxy can never be here (ADR-171). Default oracle.
|
|
46
|
+
provenanceTier: 'oracle:test-exec',
|
|
47
|
+
layer: adopted.manifest?.layer,
|
|
48
|
+
appliedAt: opts.now ?? Date.now(),
|
|
49
|
+
previous: current?.championId ?? adopted.previous ?? null,
|
|
50
|
+
params: adopted.manifest?.policy?.value,
|
|
51
|
+
};
|
|
52
|
+
fs.mkdirSync(cfDir, { recursive: true });
|
|
53
|
+
fs.writeFileSync(activePath, JSON.stringify(active, null, 2), 'utf-8');
|
|
54
|
+
return { applied: true, from: active.previous, to: active.championId };
|
|
55
|
+
}
|
|
56
|
+
catch (e) {
|
|
57
|
+
return { applied: false, reason: `error: ${e?.message ?? e}` };
|
|
58
|
+
}
|
|
59
|
+
}
|
|
60
|
+
/**
|
|
61
|
+
* Apply a champion directly by its config payload (local self-optimization,
|
|
62
|
+
* ADR-176 flywheel). Unlike applyChampion (which reads a propagated, signed,
|
|
63
|
+
* adopted record), this activates a LOCALLY-mined champion that just cleared the
|
|
64
|
+
* install's own measured gate — no signing, because nothing is propagated. Still
|
|
65
|
+
* reversible (records `previous`) and idempotent. Consumers read `params`.
|
|
66
|
+
*/
|
|
67
|
+
export function applyChampionParams(cwd, opts) {
|
|
68
|
+
try {
|
|
69
|
+
const cfDir = path.join(cwd, '.claude-flow');
|
|
70
|
+
const activePath = path.join(cfDir, ACTIVE_POLICY_FILE);
|
|
71
|
+
const current = readJson(activePath);
|
|
72
|
+
if (current?.championId === opts.championId && !current.rolledBack)
|
|
73
|
+
return { applied: false, reason: 'already active' };
|
|
74
|
+
const active = {
|
|
75
|
+
championId: opts.championId,
|
|
76
|
+
provenanceTier: 'oracle:test-exec', // only a gate-cleared champion reaches here
|
|
77
|
+
layer: opts.layer,
|
|
78
|
+
appliedAt: opts.now ?? Date.now(),
|
|
79
|
+
previous: opts.previous ?? current?.championId ?? null,
|
|
80
|
+
params: opts.params,
|
|
81
|
+
};
|
|
82
|
+
fs.mkdirSync(cfDir, { recursive: true });
|
|
83
|
+
fs.writeFileSync(activePath, JSON.stringify(active, null, 2), 'utf-8');
|
|
84
|
+
return { applied: true, from: active.previous, to: active.championId };
|
|
85
|
+
}
|
|
86
|
+
catch (e) {
|
|
87
|
+
return { applied: false, reason: `error: ${e?.message ?? e}` };
|
|
88
|
+
}
|
|
89
|
+
}
|
|
90
|
+
/**
|
|
91
|
+
* Reverse the last apply: point the active policy back at its `previous`
|
|
92
|
+
* champion (reversibility, ADR-177 rollback pointer). No-op if there is no
|
|
93
|
+
* previous. The previous champion's policy is fetched by ref by consumers.
|
|
94
|
+
*/
|
|
95
|
+
export function rollbackActivePolicy(cwd, opts = {}) {
|
|
96
|
+
try {
|
|
97
|
+
const activePath = path.join(cwd, '.claude-flow', ACTIVE_POLICY_FILE);
|
|
98
|
+
const current = readJson(activePath);
|
|
99
|
+
if (!current)
|
|
100
|
+
return { applied: false, reason: 'no active policy' };
|
|
101
|
+
if (!current.previous)
|
|
102
|
+
return { applied: false, reason: 'no previous to roll back to' };
|
|
103
|
+
const reverted = {
|
|
104
|
+
championId: current.previous,
|
|
105
|
+
provenanceTier: current.provenanceTier,
|
|
106
|
+
layer: current.layer,
|
|
107
|
+
appliedAt: opts.now ?? Date.now(),
|
|
108
|
+
previous: null,
|
|
109
|
+
rolledBack: true,
|
|
110
|
+
};
|
|
111
|
+
fs.writeFileSync(activePath, JSON.stringify(reverted, null, 2), 'utf-8');
|
|
112
|
+
return { applied: true, from: current.championId, to: reverted.championId };
|
|
113
|
+
}
|
|
114
|
+
catch (e) {
|
|
115
|
+
return { applied: false, reason: `error: ${e?.message ?? e}` };
|
|
116
|
+
}
|
|
117
|
+
}
|
|
118
|
+
/** The champion routing/agents should currently use, or null. */
|
|
119
|
+
export function activeChampion(cwd) {
|
|
120
|
+
return readJson(path.join(cwd, '.claude-flow', ACTIVE_POLICY_FILE));
|
|
121
|
+
}
|
|
122
|
+
//# sourceMappingURL=harness-feedback-applier.js.map
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
import { type InstallEnv, type SignedProvenConfig } from './proven-config.js';
|
|
2
|
+
export declare const PROVEN_CONFIG_STAMP = ".proven-config-version";
|
|
3
|
+
/** The signed champion manifest shipped in the package (metadata; the RVFA payload rides alongside). */
|
|
4
|
+
export declare const PROVEN_CONFIG_FILE = "proven-config.signed.json";
|
|
5
|
+
/** The RVFA-packaged champion (ADR-177 final phase). Preferred when present. */
|
|
6
|
+
export declare const PROVEN_CONFIG_RVFA_FILE = "proven-config.signed.rvf";
|
|
7
|
+
/** Where an adopted champion is recorded in the project (consumed by the feedback applier, ADR-176 phase 9). */
|
|
8
|
+
export declare const ADOPTED_CONFIG_FILE = "proven-config.json";
|
|
9
|
+
/**
|
|
10
|
+
* Read a shipped champion from either packaging. `.rvf` → unpack the RVFA
|
|
11
|
+
* envelope (integrity-checked); anything else → parse as signed JSON. Returns
|
|
12
|
+
* null (never throws) on any failure. The Ed25519 signature is still verified
|
|
13
|
+
* downstream by adoptSignedConfig — this only decodes the transport.
|
|
14
|
+
*/
|
|
15
|
+
export declare function loadShippedChampion(srcPath: string): SignedProvenConfig | null;
|
|
16
|
+
/** Build the local environment the champion's constraints are checked against. */
|
|
17
|
+
export declare function currentInstallEnv(cwd?: string): InstallEnv;
|
|
18
|
+
export interface AdoptResult {
|
|
19
|
+
adopted: boolean;
|
|
20
|
+
from?: string;
|
|
21
|
+
to?: string;
|
|
22
|
+
reason?: string;
|
|
23
|
+
skipped?: string;
|
|
24
|
+
}
|
|
25
|
+
/**
|
|
26
|
+
* The testable adoption core: given a signed champion and the local env, adopt
|
|
27
|
+
* it into `cwd/.claude` iff it is newer than the stamp AND passes both gates.
|
|
28
|
+
* Fail-closed; never throws. `pubkeyPem` is injectable for tests.
|
|
29
|
+
*/
|
|
30
|
+
export declare function adoptSignedConfig(cwd: string, signed: SignedProvenConfig, env: InstallEnv, opts?: {
|
|
31
|
+
pubkeyPem?: string;
|
|
32
|
+
}): AdoptResult;
|
|
33
|
+
/**
|
|
34
|
+
* On CLI startup: if the package ships a signed champion newer than the
|
|
35
|
+
* project's stamp, adopt it when authentic + suitable. Best-effort, never
|
|
36
|
+
* throws. No-op when no manifest ships or the project isn't initialized.
|
|
37
|
+
*/
|
|
38
|
+
export declare function autoAdoptProvenConfigIfStale(cwd?: string): Promise<AdoptResult>;
|
|
39
|
+
//# sourceMappingURL=proven-config-refresh.d.ts.map
|
|
@@ -0,0 +1,154 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Proven-configuration propagation to existing installs (ADR-177).
|
|
3
|
+
*
|
|
4
|
+
* A SIBLING of the helper auto-refresh (ADR-174), deliberately independent so it
|
|
5
|
+
* never touches the hook-code channel that older CLIs verify:
|
|
6
|
+
* - its own stamp file (`.proven-config-version`, the adopted champion id),
|
|
7
|
+
* - its own trust root (RUFLO_CONFIG_PUBKEY),
|
|
8
|
+
* - additive-only: a project with no shipped manifest is a no-op.
|
|
9
|
+
*
|
|
10
|
+
* On a CLI command, if the package ships a signed champion newer than the
|
|
11
|
+
* project's stamp, it is adopted ONLY when both gates pass (ADR-177):
|
|
12
|
+
* authenticity (Ed25519) AND suitability (host/platform/compatibility/layer).
|
|
13
|
+
* A signed-but-unsuitable champion is a SAFE skip (not an error), which is also
|
|
14
|
+
* the backwards-compatibility version gate. Zero deps on the decision path.
|
|
15
|
+
*/
|
|
16
|
+
import * as fs from 'fs';
|
|
17
|
+
import * as path from 'path';
|
|
18
|
+
import { fileURLToPath } from 'url';
|
|
19
|
+
import { createRequire } from 'module';
|
|
20
|
+
import { getInstalledCliVersion } from '../init/helper-refresh.js';
|
|
21
|
+
import { evaluateForAdoption } from './proven-config.js';
|
|
22
|
+
import { unpackProvenConfigRvfa } from './proven-config-rvfa.js';
|
|
23
|
+
const __dirname = path.dirname(fileURLToPath(import.meta.url));
|
|
24
|
+
export const PROVEN_CONFIG_STAMP = '.proven-config-version';
|
|
25
|
+
/** The signed champion manifest shipped in the package (metadata; the RVFA payload rides alongside). */
|
|
26
|
+
export const PROVEN_CONFIG_FILE = 'proven-config.signed.json';
|
|
27
|
+
/** The RVFA-packaged champion (ADR-177 final phase). Preferred when present. */
|
|
28
|
+
export const PROVEN_CONFIG_RVFA_FILE = 'proven-config.signed.rvf';
|
|
29
|
+
/** Where an adopted champion is recorded in the project (consumed by the feedback applier, ADR-176 phase 9). */
|
|
30
|
+
export const ADOPTED_CONFIG_FILE = 'proven-config.json';
|
|
31
|
+
/**
|
|
32
|
+
* Locate the package's shipped signed champion, if any. Null when none ships.
|
|
33
|
+
* The RVFA package is preferred over the raw JSON when both are present.
|
|
34
|
+
*/
|
|
35
|
+
function findPackageProvenConfig() {
|
|
36
|
+
const dirs = [];
|
|
37
|
+
try {
|
|
38
|
+
const esmRequire = createRequire(import.meta.url);
|
|
39
|
+
const pkgRoot = path.dirname(esmRequire.resolve('@claude-flow/cli/package.json'));
|
|
40
|
+
dirs.push(path.join(pkgRoot, '.claude'));
|
|
41
|
+
}
|
|
42
|
+
catch { /* not resolvable */ }
|
|
43
|
+
dirs.push(path.resolve(__dirname, '..', '..', '..', '.claude'));
|
|
44
|
+
// RVFA form first (ruvnet-native envelope), then the raw signed JSON fallback.
|
|
45
|
+
for (const d of dirs) {
|
|
46
|
+
const rvf = path.join(d, PROVEN_CONFIG_RVFA_FILE);
|
|
47
|
+
if (fs.existsSync(rvf))
|
|
48
|
+
return rvf;
|
|
49
|
+
const json = path.join(d, PROVEN_CONFIG_FILE);
|
|
50
|
+
if (fs.existsSync(json))
|
|
51
|
+
return json;
|
|
52
|
+
}
|
|
53
|
+
return null;
|
|
54
|
+
}
|
|
55
|
+
/**
|
|
56
|
+
* Read a shipped champion from either packaging. `.rvf` → unpack the RVFA
|
|
57
|
+
* envelope (integrity-checked); anything else → parse as signed JSON. Returns
|
|
58
|
+
* null (never throws) on any failure. The Ed25519 signature is still verified
|
|
59
|
+
* downstream by adoptSignedConfig — this only decodes the transport.
|
|
60
|
+
*/
|
|
61
|
+
export function loadShippedChampion(srcPath) {
|
|
62
|
+
try {
|
|
63
|
+
if (srcPath.endsWith('.rvf')) {
|
|
64
|
+
return unpackProvenConfigRvfa(fs.readFileSync(srcPath));
|
|
65
|
+
}
|
|
66
|
+
return JSON.parse(fs.readFileSync(srcPath, 'utf-8'));
|
|
67
|
+
}
|
|
68
|
+
catch {
|
|
69
|
+
return null;
|
|
70
|
+
}
|
|
71
|
+
}
|
|
72
|
+
/** Build the local environment the champion's constraints are checked against. */
|
|
73
|
+
export function currentInstallEnv(cwd = process.cwd()) {
|
|
74
|
+
const env = {
|
|
75
|
+
platform: process.platform,
|
|
76
|
+
versions: { ruflo: getInstalledCliVersion() },
|
|
77
|
+
};
|
|
78
|
+
// Layer, if the project declares one (ADR-176 hierarchy). Optional.
|
|
79
|
+
try {
|
|
80
|
+
const layerFile = path.join(cwd, '.claude', '.harness-layer');
|
|
81
|
+
if (fs.existsSync(layerFile))
|
|
82
|
+
env.layer = fs.readFileSync(layerFile, 'utf-8').trim();
|
|
83
|
+
}
|
|
84
|
+
catch { /* none */ }
|
|
85
|
+
return env;
|
|
86
|
+
}
|
|
87
|
+
/**
|
|
88
|
+
* The testable adoption core: given a signed champion and the local env, adopt
|
|
89
|
+
* it into `cwd/.claude` iff it is newer than the stamp AND passes both gates.
|
|
90
|
+
* Fail-closed; never throws. `pubkeyPem` is injectable for tests.
|
|
91
|
+
*/
|
|
92
|
+
export function adoptSignedConfig(cwd, signed, env, opts = {}) {
|
|
93
|
+
try {
|
|
94
|
+
const claudeDir = path.join(cwd, '.claude');
|
|
95
|
+
if (!fs.existsSync(claudeDir))
|
|
96
|
+
return { adopted: false }; // not a ruflo project
|
|
97
|
+
const championId = signed.manifest?.policy?.ref;
|
|
98
|
+
if (!championId)
|
|
99
|
+
return { adopted: false, skipped: 'manifest missing policy.ref' };
|
|
100
|
+
let stamped = '';
|
|
101
|
+
try {
|
|
102
|
+
stamped = fs.readFileSync(path.join(claudeDir, PROVEN_CONFIG_STAMP), 'utf-8').trim();
|
|
103
|
+
}
|
|
104
|
+
catch { /* unstamped */ }
|
|
105
|
+
if (stamped === championId)
|
|
106
|
+
return { adopted: false }; // already current — fast path
|
|
107
|
+
const decision = evaluateForAdoption(signed, env, opts.pubkeyPem);
|
|
108
|
+
if (!decision.adopt) {
|
|
109
|
+
// A safe skip (unsuitable) or a refusal (bad signature). Do NOT advance the stamp.
|
|
110
|
+
return { adopted: false, skipped: decision.reason };
|
|
111
|
+
}
|
|
112
|
+
// Adopt: record the champion for the feedback applier + retain the previous (rollback pointer).
|
|
113
|
+
const record = {
|
|
114
|
+
adoptedAt: Date.now(),
|
|
115
|
+
championId,
|
|
116
|
+
manifest: decision.manifest,
|
|
117
|
+
previous: signed.manifest.rollback?.previousManifest ?? stamped ?? null,
|
|
118
|
+
};
|
|
119
|
+
try {
|
|
120
|
+
fs.writeFileSync(path.join(claudeDir, ADOPTED_CONFIG_FILE), JSON.stringify(record, null, 2), 'utf-8');
|
|
121
|
+
}
|
|
122
|
+
catch { /* */ }
|
|
123
|
+
try {
|
|
124
|
+
fs.writeFileSync(path.join(claudeDir, PROVEN_CONFIG_STAMP), championId, 'utf-8');
|
|
125
|
+
}
|
|
126
|
+
catch { /* */ }
|
|
127
|
+
return { adopted: true, from: stamped || '(none)', to: championId };
|
|
128
|
+
}
|
|
129
|
+
catch {
|
|
130
|
+
return { adopted: false };
|
|
131
|
+
}
|
|
132
|
+
}
|
|
133
|
+
/**
|
|
134
|
+
* On CLI startup: if the package ships a signed champion newer than the
|
|
135
|
+
* project's stamp, adopt it when authentic + suitable. Best-effort, never
|
|
136
|
+
* throws. No-op when no manifest ships or the project isn't initialized.
|
|
137
|
+
*/
|
|
138
|
+
export async function autoAdoptProvenConfigIfStale(cwd = process.cwd()) {
|
|
139
|
+
try {
|
|
140
|
+
if (!fs.existsSync(path.join(cwd, '.claude')))
|
|
141
|
+
return { adopted: false };
|
|
142
|
+
const src = findPackageProvenConfig();
|
|
143
|
+
if (!src)
|
|
144
|
+
return { adopted: false }; // no champion ships → no-op (additive)
|
|
145
|
+
const signed = loadShippedChampion(src);
|
|
146
|
+
if (!signed)
|
|
147
|
+
return { adopted: false, skipped: 'unreadable manifest' };
|
|
148
|
+
return adoptSignedConfig(cwd, signed, currentInstallEnv(cwd));
|
|
149
|
+
}
|
|
150
|
+
catch {
|
|
151
|
+
return { adopted: false };
|
|
152
|
+
}
|
|
153
|
+
}
|
|
154
|
+
//# sourceMappingURL=proven-config-refresh.js.map
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
import type { SignedProvenConfig } from './proven-config.js';
|
|
2
|
+
/** The single RVFA section id that carries the signed manifest JSON. */
|
|
3
|
+
export declare const PROVEN_CONFIG_SECTION = "proven-config";
|
|
4
|
+
/** Header capability marker so a reader can tell this appliance apart. */
|
|
5
|
+
export declare const PROVEN_CONFIG_CAPABILITY = "proven-config";
|
|
6
|
+
/**
|
|
7
|
+
* Pack a signed proven-config manifest into an RVFA appliance binary.
|
|
8
|
+
*
|
|
9
|
+
* The whole SignedProvenConfig (manifest + signature + algorithm) becomes the
|
|
10
|
+
* payload, so the config-root signature travels inside the envelope. The RVFA
|
|
11
|
+
* layer contributes integrity (footer + section hash), not authenticity.
|
|
12
|
+
*/
|
|
13
|
+
export declare function packProvenConfigRvfa(signed: SignedProvenConfig): Buffer;
|
|
14
|
+
/** True if `buf` looks like an RVFA container (starts with the RVFA magic). */
|
|
15
|
+
export declare function isProvenConfigRvfa(buf: Buffer): boolean;
|
|
16
|
+
/**
|
|
17
|
+
* Unpack + integrity-check an RVFA-packed champion. Returns the inner
|
|
18
|
+
* SignedProvenConfig, or null on ANY failure (bad magic, corrupt footer,
|
|
19
|
+
* missing section, malformed JSON). Fail-closed — does NOT verify the Ed25519
|
|
20
|
+
* signature; that stays with adoptSignedConfig (single config trust root).
|
|
21
|
+
*/
|
|
22
|
+
export declare function unpackProvenConfigRvfa(buf: Buffer): SignedProvenConfig | null;
|
|
23
|
+
//# sourceMappingURL=proven-config-rvfa.d.ts.map
|
|
@@ -0,0 +1,73 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* RVFA packaging for proven-configuration manifests (ADR-177, final phase).
|
|
3
|
+
*
|
|
4
|
+
* Keeps champion propagation inside the ruvnet RVFA ecosystem: the *already
|
|
5
|
+
* config-signed* SignedProvenConfig is carried as the sole section of a small
|
|
6
|
+
* RVFA appliance binary. This adds a ruvnet-native transport + tamper-evident
|
|
7
|
+
* envelope (RVFA's SHA256 footer + per-section hash) WITHOUT a second trust
|
|
8
|
+
* root — adoption still verifies the inner manifest's Ed25519 signature against
|
|
9
|
+
* RUFLO_CONFIG_PUBKEY (see adoptSignedConfig). Signed ≠ suitable is unchanged:
|
|
10
|
+
* unpack → verifyProvenConfig → isSuitable, fail-closed at every step.
|
|
11
|
+
*
|
|
12
|
+
* Pure Node (RvfaWriter/RvfaReader) — no LLM, no network, $0. Additive: a raw
|
|
13
|
+
* `.signed.json` champion still adopts exactly as before; the `.rvf` form is a
|
|
14
|
+
* second, optional packaging the same adopt path understands.
|
|
15
|
+
*/
|
|
16
|
+
import { RvfaWriter, RvfaReader, RVFA_MAGIC } from '../appliance/rvfa-format.js';
|
|
17
|
+
/** The single RVFA section id that carries the signed manifest JSON. */
|
|
18
|
+
export const PROVEN_CONFIG_SECTION = 'proven-config';
|
|
19
|
+
/** Header capability marker so a reader can tell this appliance apart. */
|
|
20
|
+
export const PROVEN_CONFIG_CAPABILITY = 'proven-config';
|
|
21
|
+
/**
|
|
22
|
+
* Pack a signed proven-config manifest into an RVFA appliance binary.
|
|
23
|
+
*
|
|
24
|
+
* The whole SignedProvenConfig (manifest + signature + algorithm) becomes the
|
|
25
|
+
* payload, so the config-root signature travels inside the envelope. The RVFA
|
|
26
|
+
* layer contributes integrity (footer + section hash), not authenticity.
|
|
27
|
+
*/
|
|
28
|
+
export function packProvenConfigRvfa(signed) {
|
|
29
|
+
const m = signed.manifest;
|
|
30
|
+
const writer = new RvfaWriter({
|
|
31
|
+
name: `proven-config:${m.policy?.ref ?? 'unknown'}`,
|
|
32
|
+
// Carry the compat floor for humans/tools; the real gate is isSuitable.
|
|
33
|
+
appVersion: m.compatibility?.ruflo ?? '0',
|
|
34
|
+
platform: m.platform?.[0] ?? 'any',
|
|
35
|
+
arch: 'any',
|
|
36
|
+
profile: 'offline',
|
|
37
|
+
capabilities: [PROVEN_CONFIG_CAPABILITY],
|
|
38
|
+
});
|
|
39
|
+
writer.addSection(PROVEN_CONFIG_SECTION, Buffer.from(JSON.stringify(signed), 'utf-8'), {
|
|
40
|
+
compression: 'gzip',
|
|
41
|
+
type: 'application/json',
|
|
42
|
+
});
|
|
43
|
+
return writer.build();
|
|
44
|
+
}
|
|
45
|
+
/** True if `buf` looks like an RVFA container (starts with the RVFA magic). */
|
|
46
|
+
export function isProvenConfigRvfa(buf) {
|
|
47
|
+
return buf.length >= RVFA_MAGIC.length && buf.subarray(0, RVFA_MAGIC.length).equals(RVFA_MAGIC);
|
|
48
|
+
}
|
|
49
|
+
/**
|
|
50
|
+
* Unpack + integrity-check an RVFA-packed champion. Returns the inner
|
|
51
|
+
* SignedProvenConfig, or null on ANY failure (bad magic, corrupt footer,
|
|
52
|
+
* missing section, malformed JSON). Fail-closed — does NOT verify the Ed25519
|
|
53
|
+
* signature; that stays with adoptSignedConfig (single config trust root).
|
|
54
|
+
*/
|
|
55
|
+
export function unpackProvenConfigRvfa(buf) {
|
|
56
|
+
try {
|
|
57
|
+
if (!isProvenConfigRvfa(buf))
|
|
58
|
+
return null;
|
|
59
|
+
const reader = RvfaReader.fromBuffer(buf);
|
|
60
|
+
const integrity = reader.verify();
|
|
61
|
+
if (!integrity.valid)
|
|
62
|
+
return null; // tampered envelope → reject
|
|
63
|
+
const payload = reader.extractSection(PROVEN_CONFIG_SECTION);
|
|
64
|
+
const signed = JSON.parse(payload.toString('utf-8'));
|
|
65
|
+
if (!signed || signed.algorithm !== 'ed25519' || !signed.signature || !signed.manifest)
|
|
66
|
+
return null;
|
|
67
|
+
return signed;
|
|
68
|
+
}
|
|
69
|
+
catch {
|
|
70
|
+
return null;
|
|
71
|
+
}
|
|
72
|
+
}
|
|
73
|
+
//# sourceMappingURL=proven-config-rvfa.js.map
|
|
@@ -0,0 +1,86 @@
|
|
|
1
|
+
/** Ruflo config-signing PUBLIC key (safe to commit). Private half in GCP Secret Manager (ruflo-config-signing-key). */
|
|
2
|
+
export declare const RUFLO_CONFIG_PUBKEY = "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEA3zr3BLCFKyrjvjZg9BXxchXIuGYwYwq21FYCjTpQO6A=\n-----END PUBLIC KEY-----";
|
|
3
|
+
/** The receipt bundle (ADR-176) — reproducible proof-of-work summary. */
|
|
4
|
+
export interface ProvenConfigReceipt {
|
|
5
|
+
heldOutDelta?: number;
|
|
6
|
+
redblue?: 'PASS' | 'FAIL' | 'SKIPPED';
|
|
7
|
+
drift?: number;
|
|
8
|
+
canary?: {
|
|
9
|
+
rollbackRate?: number;
|
|
10
|
+
latencyP95?: number;
|
|
11
|
+
costPerTask?: number;
|
|
12
|
+
};
|
|
13
|
+
receiptCoverage?: number;
|
|
14
|
+
}
|
|
15
|
+
/** The constraint contract (ADR-177 §signed != suitable) + policy reference + receipt. */
|
|
16
|
+
export interface ProvenConfigManifest {
|
|
17
|
+
schema: string;
|
|
18
|
+
policy: {
|
|
19
|
+
ref: string;
|
|
20
|
+
value?: Record<string, unknown>;
|
|
21
|
+
};
|
|
22
|
+
host?: Record<string, string>;
|
|
23
|
+
platform?: string[];
|
|
24
|
+
compatibility?: Record<string, string>;
|
|
25
|
+
benchmark?: {
|
|
26
|
+
corpus: string;
|
|
27
|
+
corpusHash: string;
|
|
28
|
+
};
|
|
29
|
+
layer?: string;
|
|
30
|
+
receipt?: ProvenConfigReceipt;
|
|
31
|
+
rollback?: {
|
|
32
|
+
previousManifest?: string;
|
|
33
|
+
};
|
|
34
|
+
}
|
|
35
|
+
export interface SignedProvenConfig {
|
|
36
|
+
manifest: ProvenConfigManifest;
|
|
37
|
+
signature: string;
|
|
38
|
+
algorithm: 'ed25519';
|
|
39
|
+
}
|
|
40
|
+
/** The local environment a manifest's constraints are checked against. */
|
|
41
|
+
export interface InstallEnv {
|
|
42
|
+
platform: string;
|
|
43
|
+
hosts?: Record<string, string>;
|
|
44
|
+
versions?: Record<string, string>;
|
|
45
|
+
layer?: string;
|
|
46
|
+
}
|
|
47
|
+
export declare function sha256Hex(content: string | Buffer): string;
|
|
48
|
+
/**
|
|
49
|
+
* Deterministic canonical bytes — recursively sorted object keys so signer and
|
|
50
|
+
* verifier agree byte-for-byte regardless of insertion order.
|
|
51
|
+
*/
|
|
52
|
+
export declare function canonicalManifestBytes(m: ProvenConfigManifest): Buffer;
|
|
53
|
+
/** Sign a manifest (publish-time; key from GCP via scripts). */
|
|
54
|
+
export declare function signProvenConfig(manifest: ProvenConfigManifest, privateKeyPem: string): SignedProvenConfig;
|
|
55
|
+
/**
|
|
56
|
+
* Verify a signed manifest against ruflo's config public key. Returns the
|
|
57
|
+
* manifest on success, or null on ANY failure (bad signature, malformed JSON,
|
|
58
|
+
* wrong algorithm, missing fields). Fail-closed.
|
|
59
|
+
*/
|
|
60
|
+
export declare function verifyProvenConfig(signedJson: string | SignedProvenConfig, pubkeyPem?: string): ProvenConfigManifest | null;
|
|
61
|
+
/**
|
|
62
|
+
* Minimal semver-range satisfier for the compat contract. Supports `>=X`, `>X`,
|
|
63
|
+
* `<=X`, `<X`, `=X`, and a bare version `X` (treated as `>=X`). Deliberately
|
|
64
|
+
* small — the manifest contract only uses min-version bounds.
|
|
65
|
+
*/
|
|
66
|
+
export declare function satisfiesRange(installed: string, range: string): boolean;
|
|
67
|
+
export interface SuitabilityResult {
|
|
68
|
+
suitable: boolean;
|
|
69
|
+
reason?: string;
|
|
70
|
+
}
|
|
71
|
+
/**
|
|
72
|
+
* Check a manifest's constraint contract against the local environment.
|
|
73
|
+
* Fail-closed: a missing/unsatisfiable constraint => not suitable (safe skip).
|
|
74
|
+
* A constraint the manifest doesn't declare is not required.
|
|
75
|
+
*/
|
|
76
|
+
export declare function isSuitable(manifest: ProvenConfigManifest, env: InstallEnv): SuitabilityResult;
|
|
77
|
+
/**
|
|
78
|
+
* The combined adoption decision (ADR-177): a manifest is adoptable iff it is
|
|
79
|
+
* both authentic (signature verifies) AND suitable (constraints satisfied).
|
|
80
|
+
*/
|
|
81
|
+
export declare function evaluateForAdoption(signedJson: string | SignedProvenConfig, env: InstallEnv, pubkeyPem?: string): {
|
|
82
|
+
adopt: boolean;
|
|
83
|
+
manifest?: ProvenConfigManifest;
|
|
84
|
+
reason: string;
|
|
85
|
+
};
|
|
86
|
+
//# sourceMappingURL=proven-config.d.ts.map
|