claude-flow 3.5.69 → 3.5.71

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-flow",
-  "version": "3.5.69",
+  "version": "3.5.71",
   "description": "Ruflo - Enterprise AI agent orchestration for Claude Code. Deploy 60+ specialized agents in coordinated swarms with self-learning, fault-tolerant consensus, vector memory, and MCP integration",
   "main": "dist/index.js",
   "type": "module",

package/v3/@claude-flow/cli/dist/src/commands/autopilot.js

@@ -287,7 +287,7 @@ const predictCommand = {
             else {
                 output.writeln(`Action: ${prediction?.action || 'unknown'}`);
                 output.writeln(`Confidence: ${prediction?.confidence || 0}`);
-                if (prediction?.alternatives?.length > 0)
+                if (prediction?.alternatives && prediction.alternatives.length > 0)
                     output.writeln(`Alternatives: ${prediction.alternatives.join(', ')}`);
             }
             return { success: true };

package/v3/@claude-flow/cli/dist/src/commands/hooks.js

@@ -3763,7 +3763,7 @@ const postBashCommand = {
 // Token Optimizer command - integrates agentic-flow Agent Booster
 const tokenOptimizeCommand = {
     name: 'token-optimize',
-    description: 'Token optimization via agentic-flow Agent Booster (30-50% savings)',
+    description: 'Token optimization via agentic-flow Agent Booster integration',
     options: [
         { name: 'query', short: 'q', type: 'string', description: 'Query for compact context retrieval' },
         { name: 'agents', short: 'A', type: 'number', description: 'Agent count for optimal config', default: '6' },
@@ -3791,7 +3791,6 @@ const tokenOptimizeCommand = {
             memoriesRetrieved: 0,
         };
         let agenticFlowAvailable = false;
-        // eslint-disable-next-line @typescript-eslint/no-explicit-any
         let reasoningBank = null;
         try {
             // Check if agentic-flow v3 is available
@@ -3846,10 +3845,8 @@ const tokenOptimizeCommand = {
                 output.writeln();
                 output.printInfo('ReasoningBank not available - query skipped');
             }
-            // Simulate some token savings for demo
-            stats.totalTokensSaved += 200;
-            stats.cacheHits = 2;
-            stats.cacheMisses = 1;
+            // Note: stats reflect only actual measured values from this session.
+            // No simulated/fabricated data is added.
             // Show stats
             if (showStats || showReport) {
                 output.writeln();
@@ -4413,7 +4410,7 @@ export const hooksCommand = {
             `${output.highlight('coverage-route')}  - Route tasks based on coverage gaps (ruvector)`,
             `${output.highlight('coverage-suggest')}- Suggest coverage improvements`,
             `${output.highlight('coverage-gaps')}   - List all coverage gaps with agents`,
-            `${output.highlight('token-optimize')} - Token optimization (30-50% savings)`,
+            `${output.highlight('token-optimize')} - Token optimization (agentic-flow integration)`,
             `${output.highlight('model-route')}    - Route to optimal model (haiku/sonnet/opus)`,
             `${output.highlight('model-outcome')}  - Record model routing outcome`,
             `${output.highlight('model-stats')}    - View model routing statistics`,

package/v3/@claude-flow/cli/dist/src/commands/init.js

@@ -18,7 +18,6 @@ async function initCodexAction(ctx, options) {
     const spinner = output.createSpinner({ text: 'Initializing Codex project...' });
     spinner.start();
     try {
-        // Dynamic import of the Codex initializer with lazy loading fallback
         let CodexInitializer;
         // Try multiple resolution strategies for the @claude-flow/codex package
         // Use a variable to prevent TypeScript from statically resolving the optional module

package/v3/@claude-flow/cli/dist/src/commands/neural.js

@@ -1333,6 +1333,7 @@ const benchmarkCommand = {
         const spinner = output.createSpinner({ text: 'Running benchmarks...', spinner: 'dots' });
         spinner.start();
         try {
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any -- dynamic import of optional native WASM module with no type declarations
             const attention = await import('@ruvector/attention');
             // Manual benchmark since benchmarkAttention has a binding bug
             const benchmarkMechanism = async (name, mechanism) => {

package/v3/@claude-flow/cli/dist/src/commands/providers.js

@@ -6,6 +6,91 @@
  */
 import { output } from '../output.js';
 import { configManager } from '../services/config-file-manager.js';
+const PROVIDER_CATALOG = [
+    { name: 'Anthropic', type: 'LLM', models: 'claude-3.5-sonnet, opus', envVar: 'ANTHROPIC_API_KEY', configName: 'anthropic' },
+    { name: 'OpenAI', type: 'LLM', models: 'gpt-4o, gpt-4-turbo', envVar: 'OPENAI_API_KEY', configName: 'openai' },
+    { name: 'OpenAI', type: 'Embedding', models: 'text-embedding-3-small/large', envVar: 'OPENAI_API_KEY', configName: 'openai' },
+    { name: 'Google', type: 'LLM', models: 'gemini-pro, gemini-ultra', envVar: 'GOOGLE_API_KEY', configName: 'google' },
+    { name: 'Transformers.js', type: 'Embedding', models: 'Xenova/all-MiniLM-L6-v2' },
+    { name: 'Agentic Flow', type: 'Embedding', models: 'ONNX optimized' },
+    { name: 'Mock', type: 'All', models: 'mock-*' },
+];
+/**
+ * Resolve the API key for a provider by checking the config file first,
+ * then falling back to well-known environment variables.
+ */
+function resolveApiKey(providerName, configuredProviders) {
+    // Check config file entry
+    const entry = configuredProviders.find((p) => typeof p.name === 'string' && p.name.toLowerCase() === providerName.toLowerCase());
+    if (entry?.apiKey && typeof entry.apiKey === 'string') {
+        return entry.apiKey;
+    }
+    // Check environment variable
+    const envMapping = {
+        anthropic: 'ANTHROPIC_API_KEY',
+        openai: 'OPENAI_API_KEY',
+        google: 'GOOGLE_API_KEY',
+    };
+    const envVar = envMapping[providerName.toLowerCase()];
+    if (envVar && process.env[envVar]) {
+        return process.env[envVar];
+    }
+    return undefined;
+}
+/**
+ * Make a lightweight HTTP request to verify provider API key validity.
+ * Uses a 5-second timeout. Returns { ok, reason }.
+ */
+async function testProviderConnectivity(providerName, apiKey) {
+    const endpoints = {
+        anthropic: {
+            url: 'https://api.anthropic.com/v1/models',
+            headers: {
+                'x-api-key': apiKey,
+                'anthropic-version': '2023-06-01',
+            },
+        },
+        openai: {
+            url: 'https://api.openai.com/v1/models',
+            headers: {
+                'Authorization': `Bearer ${apiKey}`,
+            },
+        },
+        google: {
+            url: `https://generativelanguage.googleapis.com/v1beta/models?key=${apiKey}`,
+            headers: {},
+        },
+    };
+    const endpointConfig = endpoints[providerName.toLowerCase()];
+    if (!endpointConfig) {
+        return { ok: false, reason: 'No test endpoint available for this provider' };
+    }
+    try {
+        const controller = new AbortController();
+        const timeout = setTimeout(() => controller.abort(), 5000);
+        const res = await fetch(endpointConfig.url, {
+            method: 'GET',
+            headers: endpointConfig.headers,
+            signal: controller.signal,
+        });
+        clearTimeout(timeout);
+        if (res.ok || res.status === 200) {
+            return { ok: true, reason: 'Connected successfully' };
+        }
+        if (res.status === 401 || res.status === 403) {
+            return { ok: false, reason: `Authentication failed (HTTP ${res.status})` };
+        }
+        // A non-auth error but the server responded — key format may be fine
+        return { ok: false, reason: `Unexpected response (HTTP ${res.status})` };
+    }
+    catch (err) {
+        if (err instanceof Error && err.name === 'AbortError') {
+            return { ok: false, reason: 'Connection timed out (5s)' };
+        }
+        const msg = err instanceof Error ? err.message : String(err);
+        return { ok: false, reason: `Connection failed: ${msg}` };
+    }
+}
 // List subcommand
 const listCommand = {
     name: 'list',
@@ -20,26 +105,88 @@ const listCommand = {
     ],
     action: async (ctx) => {
         const type = ctx.flags.type || 'all';
-        // Note: Static provider catalog — does not reflect user's configured providers
+        const activeOnly = ctx.flags.active;
+        // Load user configuration
+        const cwd = process.cwd();
+        const config = configManager.getConfig(cwd);
+        const agents = (config.agents ?? {});
+        const configuredProviders = (agents.providers ?? []);
+        // Build table rows from the catalog, enriched with configuration status
+        const rows = [];
+        for (const entry of PROVIDER_CATALOG) {
+            // Apply type filter
+            if (type !== 'all' && entry.type.toLowerCase() !== type.toLowerCase()) {
+                continue;
+            }
+            let status;
+            let keySource = '';
+            if (entry.configName) {
+                const apiKey = resolveApiKey(entry.configName, configuredProviders);
+                if (apiKey) {
+                    // Determine the source for the key
+                    const configEntry = configuredProviders.find((p) => typeof p.name === 'string' && p.name.toLowerCase() === entry.configName.toLowerCase());
+                    if (configEntry?.apiKey && typeof configEntry.apiKey === 'string') {
+                        keySource = 'config';
+                    }
+                    else {
+                        keySource = 'env';
+                    }
+                    status = output.success(`Configured (${keySource})`);
+                }
+                else {
+                    status = output.warning('Not configured');
+                }
+            }
+            else if (entry.name === 'Mock') {
+                status = output.dim('Dev only');
+            }
+            else {
+                // Local-only providers (Transformers.js, Agentic Flow) — always available
+                status = output.success('Available (local)');
+            }
+            if (activeOnly && !status.includes('Configured') && !status.includes('Available')) {
+                continue;
+            }
+            rows.push({
+                provider: entry.name,
+                type: entry.type,
+                models: entry.models,
+                status,
+            });
+        }
+        // Also show any providers in config that are not in the static catalog
+        for (const cp of configuredProviders) {
+            const cpName = cp.name || '';
+            const alreadyListed = PROVIDER_CATALOG.some((e) => e.configName?.toLowerCase() === cpName.toLowerCase() || e.name.toLowerCase() === cpName.toLowerCase());
+            if (!alreadyListed && cpName) {
+                const hasKey = !!(cp.apiKey || resolveApiKey(cpName, configuredProviders));
+                rows.push({
+                    provider: cpName,
+                    type: cp.type || 'Custom',
+                    models: cp.model || output.dim('(not specified)'),
+                    status: hasKey ? output.success('Configured (config)') : output.warning('Not configured'),
+                });
+            }
+        }
         output.writeln();
-        output.writeln(output.bold('Available Providers'));
+        output.writeln(output.bold('Providers'));
         output.writeln(output.dim('─'.repeat(60)));
-        output.printTable({
-            columns: [
-                { key: 'provider', header: 'Provider', width: 18 },
-                { key: 'type', header: 'Type', width: 12 },
-                { key: 'models', header: 'Models', width: 25 },
-                { key: 'status', header: 'Status', width: 12 },
-            ],
-            data: [
-                { provider: 'Anthropic', type: 'LLM', models: 'claude-3.5-sonnet, opus', status: output.success('Active') },
-                { provider: 'OpenAI', type: 'LLM', models: 'gpt-4o, gpt-4-turbo', status: output.success('Active') },
-                { provider: 'OpenAI', type: 'Embedding', models: 'text-embedding-3-small/large', status: output.success('Active') },
-                { provider: 'Transformers.js', type: 'Embedding', models: 'Xenova/all-MiniLM-L6-v2', status: output.success('Active') },
-                { provider: 'Agentic Flow', type: 'Embedding', models: 'ONNX optimized', status: output.success('Active') },
-                { provider: 'Mock', type: 'All', models: 'mock-*', status: output.dim('Dev only') },
-            ],
-        });
+        if (rows.length === 0) {
+            output.writeln(output.dim('  No providers match the current filter.'));
+        }
+        else {
+            output.printTable({
+                columns: [
+                    { key: 'provider', header: 'Provider', width: 18 },
+                    { key: 'type', header: 'Type', width: 12 },
+                    { key: 'models', header: 'Models', width: 25 },
+                    { key: 'status', header: 'Status', width: 20 },
+                ],
+                data: rows,
+            });
+        }
+        output.writeln();
+        output.writeln(output.dim('Tip: Use "providers configure -p <name> -k <key>" to set API keys.'));
         return { success: true };
     },
 };
@@ -133,98 +280,83 @@ const testCommand = {
             const config = configManager.getConfig(cwd);
             const agents = (config.agents ?? {});
             const configuredProviders = (agents.providers ?? []);
-            const getConfigApiKey = (name) => {
-                const entry = configuredProviders.find((p) => typeof p.name === 'string' && p.name.toLowerCase() === name.toLowerCase());
-                return entry?.apiKey;
-            };
-            const knownChecks = [
-                {
-                    name: 'Anthropic',
-                    test: async () => {
-                        const key = process.env.ANTHROPIC_API_KEY || getConfigApiKey('anthropic');
-                        if (key)
-                            return { pass: true, reason: 'API key found' };
-                        return { pass: false, reason: 'ANTHROPIC_API_KEY not set and no apiKey in config' };
-                    },
-                },
-                {
-                    name: 'OpenAI',
-                    test: async () => {
-                        const key = process.env.OPENAI_API_KEY || getConfigApiKey('openai');
-                        if (key)
-                            return { pass: true, reason: 'API key found' };
-                        return { pass: false, reason: 'OPENAI_API_KEY not set and no apiKey in config' };
-                    },
-                },
-                {
-                    name: 'Google',
-                    test: async () => {
-                        const key = process.env.GOOGLE_API_KEY || getConfigApiKey('google');
-                        if (key)
-                            return { pass: true, reason: 'API key found' };
-                        return { pass: false, reason: 'GOOGLE_API_KEY not set and no apiKey in config' };
-                    },
-                },
-                {
-                    name: 'Ollama',
-                    test: async () => {
-                        const entry = configuredProviders.find((p) => typeof p.name === 'string' && p.name.toLowerCase() === 'ollama');
-                        const baseUrl = entry?.baseUrl || 'http://localhost:11434';
-                        try {
-                            const controller = new AbortController();
-                            const timeout = setTimeout(() => controller.abort(), 3000);
-                            const res = await fetch(baseUrl, { signal: controller.signal });
-                            clearTimeout(timeout);
-                            if (res.ok)
-                                return { pass: true, reason: `Reachable at ${baseUrl}` };
-                            return { pass: false, reason: `HTTP ${res.status} from ${baseUrl}` };
-                        }
-                        catch {
-                            return { pass: false, reason: `Unreachable at ${baseUrl}` };
-                        }
-                    },
-                },
+            const knownTargets = [
+                { name: 'Anthropic', configName: 'anthropic' },
+                { name: 'OpenAI', configName: 'openai' },
+                { name: 'Google', configName: 'google' },
             ];
-            // Filter to requested provider or test all
-            let checksToRun;
+            // Add Ollama as a special case (endpoint-based, no API key)
+            const ollamaEntry = configuredProviders.find((p) => typeof p.name === 'string' && p.name.toLowerCase() === 'ollama');
+            let targets;
             if (testAll || !provider) {
-                checksToRun = knownChecks;
+                targets = [...knownTargets];
             }
             else {
-                const match = knownChecks.find((c) => c.name.toLowerCase() === provider.toLowerCase());
-                if (match) {
-                    checksToRun = [match];
+                const match = knownTargets.find((t) => t.name.toLowerCase() === provider.toLowerCase() || t.configName === provider.toLowerCase());
+                targets = match ? [match] : [{ name: provider, configName: provider.toLowerCase() }];
+            }
+            const results = [];
+            // Test API-key-based providers with real connectivity checks
+            for (const target of targets) {
+                const apiKey = resolveApiKey(target.configName, configuredProviders);
+                if (!apiKey) {
+                    results.push({ name: target.name, pass: false, reason: 'Not configured (no API key found)' });
+                    continue;
                 }
-                else {
-                    // Unknown provider -- check if it has a config entry with an apiKey
-                    checksToRun = [
-                        {
-                            name: provider,
-                            test: async () => {
-                                const key = getConfigApiKey(provider);
-                                if (key)
-                                    return { pass: true, reason: 'API key found in config' };
-                                return { pass: false, reason: 'No API key in environment or config' };
-                            },
-                        },
-                    ];
+                output.writeln(output.dim(`  Testing ${target.name}...`));
+                const result = await testProviderConnectivity(target.name, apiKey);
+                results.push({ name: target.name, pass: result.ok, reason: result.reason });
+            }
+            // Test Ollama separately (endpoint-based, no API key needed)
+            if (testAll || !provider || provider.toLowerCase() === 'ollama') {
+                const baseUrl = ollamaEntry?.baseUrl || 'http://localhost:11434';
+                output.writeln(output.dim(`  Testing Ollama at ${baseUrl}...`));
+                try {
+                    const controller = new AbortController();
+                    const timeout = setTimeout(() => controller.abort(), 5000);
+                    const res = await fetch(baseUrl, { signal: controller.signal });
+                    clearTimeout(timeout);
+                    if (res.ok) {
+                        results.push({ name: 'Ollama', pass: true, reason: `Connected at ${baseUrl}` });
+                    }
+                    else {
+                        results.push({ name: 'Ollama', pass: false, reason: `HTTP ${res.status} from ${baseUrl}` });
+                    }
+                }
+                catch {
+                    results.push({ name: 'Ollama', pass: false, reason: `Unreachable at ${baseUrl}` });
                 }
             }
-            let anyPassed = false;
-            const results = [];
-            for (const check of checksToRun) {
-                const result = await check.test();
-                results.push({ name: check.name, ...result });
-                if (result.pass)
-                    anyPassed = true;
+            // Also test any custom providers from config that were not in the known list
+            if (testAll || !provider) {
+                for (const cp of configuredProviders) {
+                    const cpName = cp.name || '';
+                    const alreadyTested = results.some((r) => r.name.toLowerCase() === cpName.toLowerCase());
+                    if (alreadyTested || !cpName)
+                        continue;
+                    const apiKey = resolveApiKey(cpName, configuredProviders);
+                    if (!apiKey) {
+                        results.push({ name: cpName, pass: false, reason: 'No API key found' });
+                    }
+                    else {
+                        // For custom providers we can only verify the key exists
+                        results.push({ name: cpName, pass: true, reason: 'API key found (no test endpoint available)' });
+                    }
+                }
             }
+            let anyPassed = false;
             output.writeln();
             for (const r of results) {
                 const icon = r.pass ? output.success('PASS') : output.error('FAIL');
                 output.writeln(`  ${icon}  ${r.name}: ${r.reason}`);
+                if (r.pass)
+                    anyPassed = true;
             }
             output.writeln();
-            if (anyPassed) {
+            if (results.length === 0) {
+                output.writeln(output.warning('No providers to test. Use "providers configure" to add providers.'));
+            }
+            else if (anyPassed) {
                 output.writeln(output.success(`${results.filter((r) => r.pass).length}/${results.length} provider(s) passed.`));
             }
             else {

package/v3/@claude-flow/cli/dist/src/commands/security.js

@@ -53,7 +53,7 @@ const scanCommand = {
                         }
                         catch (auditErr) {
                             // npm audit exits non-zero when vulnerabilities found — stdout still has JSON
-                            auditResult = auditErr.stdout || '{}';
+                            auditResult = (auditErr instanceof Error && 'stdout' in auditErr ? auditErr.stdout : undefined) || '{}';
                         }
                         try {
                             const audit = JSON.parse(auditResult);

package/v3/@claude-flow/cli/dist/src/mcp-tools/agent-tools.js

@@ -7,7 +7,7 @@
 import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'node:fs';
 import { join } from 'node:path';
 import { getProjectCwd } from './types.js';
-import { validateAgentSpawn } from './validate-input.js';
+import { validateIdentifier, validateAgentSpawn } from './validate-input.js';
 // Storage paths
 const STORAGE_DIR = '.claude-flow';
 const AGENT_DIR = 'agents';
@@ -221,6 +221,9 @@ export const agentTools = [
             required: ['agentId'],
         },
         handler: async (input) => {
+            const v = validateIdentifier(input.agentId, 'agentId');
+            if (!v.valid)
+                return { success: false, error: `Input validation failed: ${v.error}` };
             const store = loadAgentStore();
             const agentId = input.agentId;
             if (store.agents[agentId]) {
@@ -252,6 +255,9 @@ export const agentTools = [
             required: ['agentId'],
         },
         handler: async (input) => {
+            const v = validateIdentifier(input.agentId, 'agentId');
+            if (!v.valid)
+                return { agentId: input.agentId, status: 'not_found', error: `Input validation failed: ${v.error}` };
             const store = loadAgentStore();
             const agentId = input.agentId;
             const agent = store.agents[agentId];
@@ -287,6 +293,16 @@ export const agentTools = [
             },
         },
         handler: async (input) => {
+            if (input.status) {
+                const v = validateIdentifier(input.status, 'status');
+                if (!v.valid)
+                    return { agents: [], total: 0, error: `Input validation failed: ${v.error}` };
+            }
+            if (input.domain) {
+                const v = validateIdentifier(input.domain, 'domain');
+                if (!v.valid)
+                    return { agents: [], total: 0, error: `Input validation failed: ${v.error}` };
+            }
             const store = loadAgentStore();
             let agents = Object.values(store.agents);
             // Filter by status
@@ -333,6 +349,11 @@ export const agentTools = [
             required: ['action'],
         },
         handler: async (input) => {
+            if (input.agentType) {
+                const v = validateIdentifier(input.agentType, 'agentType');
+                if (!v.valid)
+                    return { action: input.action, error: `Input validation failed: ${v.error}` };
+            }
             const store = loadAgentStore();
             const agents = Object.values(store.agents).filter(a => a.status !== 'terminated');
             const action = input.action || 'status'; // Default to status
@@ -443,6 +464,11 @@ export const agentTools = [
             },
         },
         handler: async (input) => {
+            if (input.agentId) {
+                const v = validateIdentifier(input.agentId, 'agentId');
+                if (!v.valid)
+                    return { agentId: input.agentId, error: `Input validation failed: ${v.error}` };
+            }
             const store = loadAgentStore();
             const agents = Object.values(store.agents).filter(a => a.status !== 'terminated');
             const threshold = input.threshold || 0.5;
@@ -517,6 +543,14 @@ export const agentTools = [
             required: ['agentId'],
         },
         handler: async (input) => {
+            const v = validateIdentifier(input.agentId, 'agentId');
+            if (!v.valid)
+                return { success: false, agentId: input.agentId, error: `Input validation failed: ${v.error}` };
+            if (input.status) {
+                const vs = validateIdentifier(input.status, 'status');
+                if (!vs.valid)
+                    return { success: false, agentId: input.agentId, error: `Input validation failed: ${vs.error}` };
+            }
             const store = loadAgentStore();
             const agentId = input.agentId;
             const agent = store.agents[agentId];