claude-flow 3.5.7 → 3.5.8

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-flow",
-  "version": "3.5.7",
+  "version": "3.5.8",
   "description": "Ruflo - Enterprise AI agent orchestration for Claude Code. Deploy 60+ specialized agents in coordinated swarms with self-learning, fault-tolerant consensus, vector memory, and MCP integration",
   "main": "dist/index.js",
   "type": "module",

package/v3/@claude-flow/cli/dist/src/commands/index.d.ts

@@ -2,8 +2,11 @@
  * V3 CLI Commands Index
  * Central registry for all CLI commands
  *
- * OPTIMIZATION: Uses lazy loading for commands to reduce CLI startup time by ~200ms
- * Commands are loaded on-demand when first accessed, not at module load time.
+ * NOTE: All commands are synchronously imported at module load time (lines below).
+ * The commandLoaders/loadCommand infrastructure provides an async fallback for
+ * commands looked up via getCommandAsync() but does NOT reduce startup time since
+ * all modules are already imported synchronously for the commands array and
+ * commandsByCategory exports.
  */
 import type { Command } from '../types.js';
 export { initCommand } from './init.js';

package/v3/@claude-flow/cli/dist/src/commands/index.js

@@ -2,8 +2,11 @@
  * V3 CLI Commands Index
  * Central registry for all CLI commands
  *
- * OPTIMIZATION: Uses lazy loading for commands to reduce CLI startup time by ~200ms
- * Commands are loaded on-demand when first accessed, not at module load time.
+ * NOTE: All commands are synchronously imported at module load time (lines below).
+ * The commandLoaders/loadCommand infrastructure provides an async fallback for
+ * commands looked up via getCommandAsync() but does NOT reduce startup time since
+ * all modules are already imported synchronously for the commands array and
+ * commandsByCategory exports.
  */
 /**
  * Command loaders - commands are only imported when needed

package/v3/@claude-flow/cli/dist/src/init/settings-generator.js

@@ -2,6 +2,7 @@
  * Settings.json Generator
  * Creates .claude/settings.json with V3-optimized hook configurations
  */
+import { detectPlatform } from './types.js';
 /**
  * Generate the complete settings.json content
  */
@@ -44,10 +45,17 @@ export function generateSettings(options) {
         CLAUDE_FLOW_V3_ENABLED: 'true',
         CLAUDE_FLOW_HOOKS_ENABLED: 'true',
     };
+    // Detect platform for platform-aware configuration
+    const platform = detectPlatform();
     // Add V3-specific settings
     settings.claudeFlow = {
         version: '3.0.0',
         enabled: true,
+        platform: {
+            os: platform.os,
+            arch: platform.arch,
+            shell: platform.shell,
+        },
         modelPreferences: {
             default: 'claude-opus-4-6',
             routing: 'claude-haiku-4-5-20251001',
@@ -142,47 +150,20 @@ export function generateSettings(options) {
     return settings;
 }
 /**
- * Build a cross-platform hook command that resolves paths to the project root.
- * Uses `git rev-parse --show-toplevel` at runtime so hooks work regardless of CWD.
- * Falls back to process.cwd() when not inside a git repo.
- *
- * The generated command is a `node -e` one-liner that:
- *   1. Finds the git root (or falls back to cwd)
- *   2. Requires the target script with the resolved absolute path
- *   3. Passes through process.argv so the script sees its subcommand in argv[2]
+ * Build a cross-platform hook command.
+ * Claude Code always runs hooks from the project root, so we invoke scripts
+ * directly without git-root resolution. This avoids `node -e` one-liners
+ * with shell-quoting issues on Windows cmd.exe and PowerShell.
  */
 function hookCmd(script, subcommand) {
-    // Compact one-liner: resolve project root, then require the script.
-    // With `node -e "..." arg`, process.argv = ['node', 'arg'] (no -e entry).
-    // hook-handler.cjs reads argv[2] as its command, so we splice in the resolved
-    // script path at argv[1] to produce: ['node', '<script>', 'subcommand'].
-    // Use single quotes for the script path to avoid conflicting with outer double quotes.
-    const scriptLiteral = `'${script}'`;
-    const resolver = [
-        "var c=require('child_process'),p=require('path'),r;",
-        "try{r=c.execSync('git rev-parse --show-toplevel',{encoding:'utf8'}).trim()}",
-        'catch(e){r=process.cwd()}',
-        `var s=p.join(r,${scriptLiteral});`,
-        'process.argv.splice(1,0,s);',
-        'require(s)',
-    ].join('');
-    return `node -e "${resolver}" ${subcommand}`.trim();
+    return `node ${script} ${subcommand}`.trim();
 }
 /**
  * Build a cross-platform hook command for ESM scripts (.mjs).
- * Uses dynamic import() with a file:// URL for cross-platform ESM loading.
+ * Same direct invocation — Node.js handles .mjs files natively.
  */
 function hookCmdEsm(script, subcommand) {
-    const scriptLiteral = `'${script}'`;
-    const resolver = [
-        "var c=require('child_process'),p=require('path'),u=require('url'),r;",
-        "try{r=c.execSync('git rev-parse --show-toplevel',{encoding:'utf8'}).trim()}",
-        'catch(e){r=process.cwd()}',
-        `var f=p.join(r,${scriptLiteral});`,
-        'process.argv.splice(1,0,f);',
-        'import(u.pathToFileURL(f).href)',
-    ].join('');
-    return `node -e "${resolver}" ${subcommand}`.trim();
+    return `node ${script} ${subcommand}`.trim();
 }
 /** Shorthand for CJS hook-handler commands */
 function hookHandlerCmd(subcommand) {
@@ -208,8 +189,8 @@ function generateStatusLineConfig(_options) {
 /**
  * Generate hooks configuration
  * Uses local hook-handler.cjs for cross-platform compatibility.
- * All hooks delegate to hook-handler.cjs via resolved absolute paths,
- * so they work identically on Windows, macOS, and Linux regardless of CWD.
+ * All hooks invoke scripts directly via `node <script> <subcommand>`,
+ * working identically on Windows, macOS, and Linux.
  */
 function generateHooksConfig(config) {
     const hooks = {};

package/v3/@claude-flow/cli/dist/src/mcp-server.js

@@ -261,10 +261,20 @@ export class MCPServerManager extends EventEmitter {
                 },
             },
         }));
-        // Handle stdin messages
+        // Handle stdin messages (S-5: bounded buffer to prevent OOM)
+        const MAX_BUFFER_SIZE = 10 * 1024 * 1024; // 10MB
         let buffer = '';
         process.stdin.on('data', async (chunk) => {
             buffer += chunk.toString();
+            if (buffer.length > MAX_BUFFER_SIZE) {
+                console.error(`[${new Date().toISOString()}] ERROR [claude-flow-mcp] Buffer exceeded ${MAX_BUFFER_SIZE} bytes, rejecting`);
+                buffer = '';
+                console.log(JSON.stringify({
+                    jsonrpc: '2.0',
+                    error: { code: -32600, message: 'Request too large' },
+                }));
+                return;
+            }
             // Process complete JSON messages
             let lines = buffer.split('\n');
             buffer = lines.pop() || ''; // Keep incomplete line in buffer

package/v3/@claude-flow/cli/dist/src/mcp-tools/config-tools.js

@@ -69,6 +69,16 @@ function getNestedValue(obj, key) {
     }
     return current;
 }
+const DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
+function filterDangerousKeys(obj) {
+    const filtered = {};
+    for (const [key, value] of Object.entries(obj)) {
+        if (!DANGEROUS_KEYS.has(key)) {
+            filtered[key] = value;
+        }
+    }
+    return filtered;
+}
 function setNestedValue(obj, key, value) {
     const parts = key.split('.');
     let current = obj;
@@ -301,7 +311,7 @@ export const configTools = [
         },
         handler: async (input) => {
             const store = loadConfigStore();
-            const config = input.config;
+            const config = filterDangerousKeys(input.config);
             const scope = input.scope || 'default';
             const merge = input.merge !== false;
             const importedKeys = Object.keys(config);

package/v3/@claude-flow/cli/dist/src/mcp-tools/memory-tools.js

@@ -30,6 +30,21 @@ function ensureMemoryDir() {
         mkdirSync(dir, { recursive: true });
     }
 }
+// D-2: Input bounds for memory parameters
+const MAX_KEY_LENGTH = 1024;
+const MAX_VALUE_SIZE = 1024 * 1024; // 1MB
+const MAX_QUERY_LENGTH = 4096;
+function validateMemoryInput(key, value, query) {
+    if (key && key.length > MAX_KEY_LENGTH) {
+        throw new Error(`Key exceeds maximum length of ${MAX_KEY_LENGTH} characters`);
+    }
+    if (value && value.length > MAX_VALUE_SIZE) {
+        throw new Error(`Value exceeds maximum size of ${MAX_VALUE_SIZE} bytes`);
+    }
+    if (query && query.length > MAX_QUERY_LENGTH) {
+        throw new Error(`Query exceeds maximum length of ${MAX_QUERY_LENGTH} characters`);
+    }
+}
 /**
  * Check if legacy JSON store exists and needs migration
  */
@@ -146,6 +161,7 @@ export const memoryTools = [
             const tags = input.tags || [];
             const ttl = input.ttl;
             const upsert = input.upsert || false;
+            validateMemoryInput(key, value);
             const startTime = performance.now();
             try {
                 const result = await storeEntry({
@@ -260,6 +276,7 @@ export const memoryTools = [
             const namespace = input.namespace || 'default';
             const limit = input.limit || 10;
             const threshold = input.threshold || 0.3;
+            validateMemoryInput(undefined, undefined, query);
             const startTime = performance.now();
             try {
                 const result = await searchEntries({

package/v3/@claude-flow/cli/dist/src/plugins/manager.js

@@ -5,9 +5,18 @@
  */
 import * as fs from 'fs';
 import * as path from 'path';
-import { exec } from 'child_process';
+import { execFile } from 'child_process';
 import { promisify } from 'util';
-const execAsync = promisify(exec);
+const execFileAsync = promisify(execFile);
+/**
+ * Validate npm package name to prevent shell injection (S-3)
+ */
+const VALID_PACKAGE_RE = /^(@[a-z0-9-~][a-z0-9-._~]*\/)?[a-z0-9-~][a-z0-9-._~]*(@[a-z0-9._\-^~>=<]+)?$/;
+function validatePackageName(spec) {
+    if (!VALID_PACKAGE_RE.test(spec)) {
+        throw new Error(`Invalid package name: ${spec}`);
+    }
+}
 // ============================================================================
 // Plugin Manager
 // ============================================================================
@@ -92,9 +101,11 @@ export class PluginManager {
             // Install to local plugins directory
             const installDir = path.join(this.config.pluginsDir, 'node_modules');
             await this.ensureDirectory(installDir);
-            // Use npm to install
+            // Validate package name to prevent injection (S-3)
+            validatePackageName(versionSpec);
+            // Use npm to install (array form prevents shell injection)
             console.log(`[PluginManager] Installing ${versionSpec}...`);
-            const { stdout, stderr } = await execAsync(`npm install --prefix "${this.config.pluginsDir}" ${versionSpec}`, { timeout: 120000 });
+            await execFileAsync('npm', ['install', '--prefix', this.config.pluginsDir, versionSpec], { timeout: 120000 });
             // Get installed version
             const packageJsonPath = path.join(installDir, packageName, 'package.json');
             let installedVersion = version || 'latest';
@@ -198,7 +209,8 @@ export class PluginManager {
         try {
             // For npm-installed plugins, remove from node_modules
             if (plugin.source === 'npm') {
-                await execAsync(`npm uninstall --prefix "${this.config.pluginsDir}" ${packageName}`, { timeout: 60000 });
+                validatePackageName(packageName);
+                await execFileAsync('npm', ['uninstall', '--prefix', this.config.pluginsDir, packageName], { timeout: 60000 });
             }
             // Remove from manifest
             delete this.manifest.plugins[packageName];
@@ -316,8 +328,10 @@ export class PluginManager {
         }
         try {
             const versionSpec = version ? `${packageName}@${version}` : `${packageName}@latest`;
-            // Reinstall with new version
-            await execAsync(`npm install --prefix "${this.config.pluginsDir}" ${versionSpec}`, { timeout: 120000 });
+            // Validate package name to prevent injection (S-3)
+            validatePackageName(versionSpec);
+            // Reinstall with new version (array form prevents shell injection)
+            await execFileAsync('npm', ['install', '--prefix', this.config.pluginsDir, versionSpec], { timeout: 120000 });
             // Update manifest
             const installDir = path.join(this.config.pluginsDir, 'node_modules');
             const packageJsonPath = path.join(installDir, packageName, 'package.json');
@@ -375,6 +389,9 @@ export function getPluginManager(baseDir) {
     if (!defaultManager) {
         defaultManager = new PluginManager(baseDir);
     }
+    else if (baseDir && defaultManager.getPluginsDir() !== path.join(baseDir, '.claude-flow', 'plugins')) {
+        console.warn(`[PluginManager] Warning: getPluginManager called with different baseDir. Using existing instance. Call resetPluginManager() first to change.`);
+    }
     return defaultManager;
 }
 export function resetPluginManager() {

package/v3/@claude-flow/cli/dist/src/production/error-handler.js

@@ -133,7 +133,7 @@ export class ErrorHandler {
         const sanitized = {};
         for (const [key, value] of Object.entries(input)) {
             const lowerKey = key.toLowerCase();
-            const isSensitive = SENSITIVE_KEYS.some(sk => lowerKey.includes(sk));
+            const isSensitive = SENSITIVE_KEYS.some(sk => lowerKey.includes(sk.toLowerCase()));
             if (isSensitive) {
                 sanitized[key] = '[REDACTED]';
             }

package/v3/@claude-flow/cli/dist/src/transfer/ipfs/client.js

@@ -93,6 +93,8 @@ export async function resolveIPNS(ipnsName, preferredGateway) {
  * @returns Parsed JSON content or null if fetch fails
  */
 export async function fetchFromIPFS(cid, preferredGateway) {
+    if (!isValidCID(cid))
+        return null;
     const gateways = preferredGateway
         ? [preferredGateway, ...IPFS_GATEWAYS.filter(g => g !== preferredGateway)]
         : IPFS_GATEWAYS;
@@ -135,6 +137,8 @@ export async function fetchFromIPFS(cid, preferredGateway) {
  * Fetch with full result metadata
  */
 export async function fetchFromIPFSWithMetadata(cid, preferredGateway) {
+    if (!isValidCID(cid))
+        return null;
     const gateways = preferredGateway
         ? [preferredGateway, ...IPFS_GATEWAYS.filter(g => g !== preferredGateway)]
         : IPFS_GATEWAYS;
@@ -172,6 +176,8 @@ export async function fetchFromIPFSWithMetadata(cid, preferredGateway) {
  * Check if CID is pinned/available on a gateway
  */
 export async function isPinned(cid, gateway = 'https://ipfs.io') {
+    if (!isValidCID(cid))
+        return false;
     try {
         const response = await fetch(`${gateway}/ipfs/${cid}`, {
             method: 'HEAD',
@@ -187,6 +193,8 @@ export async function isPinned(cid, gateway = 'https://ipfs.io') {
  * Check availability across multiple gateways
  */
 export async function checkAvailability(cid) {
+    if (!isValidCID(cid))
+        return { available: false, gateways: [] };
     const results = await Promise.all(IPFS_GATEWAYS.map(async (gateway) => {
         const startTime = Date.now();
         try {

package/v3/@claude-flow/cli/dist/src/transfer/ipfs/upload.js

@@ -187,8 +187,6 @@ export async function uploadToIPFS(content, options = {}) {
     const size = content.length;
     console.log(`[IPFS] Demo upload: ${size} bytes`);
     console.log(`[IPFS] Name: ${name}`);
-    // Simulate upload delay
-    await new Promise(resolve => setTimeout(resolve, 500));
     const result = {
         cid,
         size,

package/v3/@claude-flow/cli/dist/src/transfer/serialization/cfp.js

@@ -102,10 +102,7 @@ export function serializeToBuffer(cfp, format) {
         case 'cbor.gz':
         case 'cbor.zstd':
         case 'msgpack':
-            // Fallback to JSON for now
-            // In production: use cbor-x, msgpack-lite, etc.
-            console.warn(`Format ${format} not implemented, using JSON`);
-            return Buffer.from(json, 'utf-8');
+            throw new Error(`Serialization format '${format}' is not implemented. Use 'json' instead.`);
         default:
             return Buffer.from(json, 'utf-8');
     }
@@ -115,7 +112,13 @@ export function serializeToBuffer(cfp, format) {
  */
 export function deserializeCFP(data) {
     const str = typeof data === 'string' ? data : data.toString('utf-8');
-    const parsed = JSON.parse(str);
+    let parsed;
+    try {
+        parsed = JSON.parse(str);
+    }
+    catch (e) {
+        throw new Error(`Invalid CFP file: ${e instanceof Error ? e.message : String(e)}`);
+    }
     // Validate magic bytes
     if (parsed.magic !== 'CFP1') {
         throw new Error(`Invalid CFP format: expected magic 'CFP1', got '${parsed.magic}'`);

package/v3/@claude-flow/cli/dist/src/transfer/storage/gcs.js

@@ -8,7 +8,7 @@
 import * as crypto from 'crypto';
 import * as fs from 'fs';
 import * as path from 'path';
-import { execSync } from 'child_process';
+import { execFileSync } from 'child_process';
 /**
  * Get GCS configuration from environment
  */
@@ -23,12 +23,24 @@ export function getGCSConfig() {
         prefix: process.env.GCS_PREFIX || 'claude-flow-patterns',
     };
 }
+/**
+ * Validate GCS bucket name (prevents command injection via bucket names)
+ */
+function isValidBucketName(bucket) {
+    return /^[a-z0-9][a-z0-9._-]{1,221}[a-z0-9]$/.test(bucket);
+}
+/**
+ * Validate GCS object path (no shell metacharacters)
+ */
+function isValidObjectPath(objectPath) {
+    return /^[a-zA-Z0-9_.\/\-]+$/.test(objectPath);
+}
 /**
  * Check if gcloud CLI is available
  */
 export function isGCloudAvailable() {
     try {
-        execSync('gcloud --version', { stdio: 'pipe' });
+        execFileSync('gcloud', ['--version'], { stdio: 'pipe' });
         return true;
     }
     catch {
@@ -40,7 +52,7 @@ export function isGCloudAvailable() {
  */
 export async function isGCloudAuthenticated() {
     try {
-        execSync('gcloud auth print-access-token', { stdio: 'pipe' });
+        execFileSync('gcloud', ['auth', 'print-access-token'], { stdio: 'pipe' });
         return true;
     }
     catch {
@@ -67,27 +79,33 @@ export async function uploadToGCS(content, options = {}) {
     const checksum = crypto.createHash('sha256').update(content).digest('hex');
     const fileName = options.name || `${contentId}.cfp.json`;
     const objectPath = config.prefix ? `${config.prefix}/${fileName}` : fileName;
+    // S-1: Validate bucket name and object path to prevent command injection
+    if (!isValidBucketName(config.bucket)) {
+        throw new Error(`Invalid GCS bucket name: ${config.bucket}`);
+    }
+    if (!isValidObjectPath(objectPath)) {
+        throw new Error(`Invalid GCS object path: ${objectPath}`);
+    }
     console.log(`[GCS] Uploading to gs://${config.bucket}/${objectPath}...`);
     // Write content to temp file
     const tempDir = process.env.TMPDIR || '/tmp';
     const tempFile = path.join(tempDir, `claude-flow-upload-${Date.now()}.json`);
     fs.writeFileSync(tempFile, content);
     try {
-        // Build gcloud command
-        const metadataArgs = options.metadata
-            ? Object.entries(options.metadata)
-                .map(([k, v]) => `--metadata=${k}=${v}`)
-                .join(' ')
-            : '';
-        const projectArg = config.projectId ? `--project=${config.projectId}` : '';
-        // Upload using gcloud storage cp
-        const cmd = `gcloud storage cp "${tempFile}" "gs://${config.bucket}/${objectPath}" ${projectArg} --content-type="${options.contentType || 'application/json'}" 2>&1`;
-        execSync(cmd, { encoding: 'utf-8' });
+        // Build gcloud args (array form prevents shell injection)
+        const uploadArgs = ['storage', 'cp', tempFile, `gs://${config.bucket}/${objectPath}`];
+        if (config.projectId)
+            uploadArgs.push(`--project=${config.projectId}`);
+        uploadArgs.push(`--content-type=${options.contentType || 'application/json'}`);
+        execFileSync('gcloud', uploadArgs, { encoding: 'utf-8', stdio: 'pipe' });
         // Set metadata if provided
         if (options.metadata && Object.keys(options.metadata).length > 0) {
             const metadataJson = JSON.stringify(options.metadata);
             try {
-                execSync(`gcloud storage objects update "gs://${config.bucket}/${objectPath}" --custom-metadata='${metadataJson}' ${projectArg} 2>&1`, { encoding: 'utf-8' });
+                const metaArgs = ['storage', 'objects', 'update', `gs://${config.bucket}/${objectPath}`, `--custom-metadata=${metadataJson}`];
+                if (config.projectId)
+                    metaArgs.push(`--project=${config.projectId}`);
+                execFileSync('gcloud', metaArgs, { encoding: 'utf-8', stdio: 'pipe' });
             }
             catch {
                 // Metadata update failed, but upload succeeded
@@ -121,14 +139,16 @@ export async function uploadToGCS(content, options = {}) {
  */
 export async function downloadFromGCS(uri, config) {
     const cfg = config || getGCSConfig();
-    const projectArg = cfg?.projectId ? `--project=${cfg.projectId}` : '';
     console.log(`[GCS] Downloading from ${uri}...`);
     // Write to temp file first
     const tempDir = process.env.TMPDIR || '/tmp';
     const tempFile = path.join(tempDir, `claude-flow-download-${Date.now()}.json`);
     try {
-        // Download using gcloud storage cp
-        execSync(`gcloud storage cp "${uri}" "${tempFile}" ${projectArg} 2>&1`, { encoding: 'utf-8' });
+        // Download using gcloud storage cp (array form prevents shell injection)
+        const downloadArgs = ['storage', 'cp', uri, tempFile];
+        if (cfg?.projectId)
+            downloadArgs.push(`--project=${cfg.projectId}`);
+        execFileSync('gcloud', downloadArgs, { encoding: 'utf-8', stdio: 'pipe' });
         const content = fs.readFileSync(tempFile);
         fs.unlinkSync(tempFile);
         console.log(`[GCS] Downloaded ${content.length} bytes`);
@@ -148,9 +168,11 @@ export async function downloadFromGCS(uri, config) {
  */
 export async function existsInGCS(uri, config) {
     const cfg = config || getGCSConfig();
-    const projectArg = cfg?.projectId ? `--project=${cfg.projectId}` : '';
     try {
-        execSync(`gcloud storage ls "${uri}" ${projectArg} 2>&1`, { encoding: 'utf-8', stdio: 'pipe' });
+        const lsArgs = ['storage', 'ls', uri];
+        if (cfg?.projectId)
+            lsArgs.push(`--project=${cfg.projectId}`);
+        execFileSync('gcloud', lsArgs, { encoding: 'utf-8', stdio: 'pipe' });
         return true;
     }
     catch {
@@ -165,10 +187,12 @@ export async function listGCSObjects(prefix, config) {
     if (!cfg)
         return [];
     const objectPrefix = prefix || cfg.prefix || '';
-    const projectArg = cfg.projectId ? `--project=${cfg.projectId}` : '';
     const uri = `gs://${cfg.bucket}/${objectPrefix}`;
     try {
-        const result = execSync(`gcloud storage ls -l "${uri}" ${projectArg} --format=json 2>&1`, { encoding: 'utf-8' });
+        const listArgs = ['storage', 'ls', '-l', uri, '--format=json'];
+        if (cfg.projectId)
+            listArgs.push(`--project=${cfg.projectId}`);
+        const result = execFileSync('gcloud', listArgs, { encoding: 'utf-8', stdio: 'pipe' });
         const objects = JSON.parse(result);
         return objects.map((obj) => ({
             name: obj.name,
@@ -185,9 +209,11 @@ export async function listGCSObjects(prefix, config) {
  */
 export async function deleteFromGCS(uri, config) {
     const cfg = config || getGCSConfig();
-    const projectArg = cfg?.projectId ? `--project=${cfg.projectId}` : '';
     try {
-        execSync(`gcloud storage rm "${uri}" ${projectArg} 2>&1`, { encoding: 'utf-8' });
+        const rmArgs = ['storage', 'rm', uri];
+        if (cfg?.projectId)
+            rmArgs.push(`--project=${cfg.projectId}`);
+        execFileSync('gcloud', rmArgs, { encoding: 'utf-8', stdio: 'pipe' });
         return true;
     }
     catch {

package/v3/@claude-flow/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@claude-flow/cli",
-  "version": "3.5.7",
+  "version": "3.5.8",
   "type": "module",
   "description": "Ruflo CLI - Enterprise AI agent orchestration with 60+ specialized agents, swarm coordination, MCP server, self-learning hooks, and vector memory for Claude Code",
   "main": "dist/src/index.js",