claude-flow 3.5.76 → 3.5.78

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-flow",
-  "version": "3.5.76",
+  "version": "3.5.78",
   "description": "Ruflo - Enterprise AI agent orchestration for Claude Code. Deploy 60+ specialized agents in coordinated swarms with self-learning, fault-tolerant consensus, vector memory, and MCP integration",
   "main": "dist/index.js",
   "type": "module",

package/v3/@claude-flow/cli/bin/cli.js

@@ -158,8 +158,15 @@ if (isMCPMode) {
   // Run normal CLI mode
   const { CLI } = await import('../dist/src/index.js');
   const cli = new CLI();
-  cli.run().catch((error) => {
-    console.error('Fatal error:', error.message);
-    process.exit(1);
-  });
+  cli.run()
+    .then(() => {
+      // #1552: Exit cleanly after one-shot commands.
+      // Long-running commands (daemon foreground, mcp, status --watch) never resolve,
+      // so this only fires for normal CLI commands.
+      process.exit(0);
+    })
+    .catch((error) => {
+      console.error('Fatal error:', error.message);
+      process.exit(1);
+    });
 }

package/v3/@claude-flow/cli/dist/src/autopilot-state.js

@@ -7,6 +7,10 @@
  * ADR-072: Autopilot Integration
  * Security: Addresses prototype pollution, NaN bypass, input validation
  */
+import { randomUUID } from 'node:crypto';
+import { existsSync, readFileSync, writeFileSync, mkdirSync, readdirSync, renameSync } from 'node:fs';
+import { resolve, join } from 'node:path';
+import { homedir } from 'node:os';
 // ── Constants ─────────────────────────────────────────────────
 export const STATE_DIR = '.claude-flow/data';
 export const STATE_FILE = `${STATE_DIR}/autopilot-state.json`;
@@ -71,9 +75,8 @@ export function validateTaskSources(sources) {
 }
 // ── State Management ──────────────────────────────────────────
 export function getDefaultState() {
-    const crypto = require('crypto');
     return {
-        sessionId: crypto.randomUUID(),
+        sessionId: randomUUID(),
         enabled: false,
         startTime: Date.now(),
         iterations: 0,
@@ -85,13 +88,11 @@ export function getDefaultState() {
     };
 }
 export function loadState() {
-    const fs = require('fs');
-    const path = require('path');
-    const filePath = path.resolve(STATE_FILE);
+    const filePath = resolve(STATE_FILE);
     const defaults = getDefaultState();
     try {
-        if (fs.existsSync(filePath)) {
-            const raw = safeJsonParse(fs.readFileSync(filePath, 'utf-8'));
+        if (existsSync(filePath)) {
+            const raw = safeJsonParse(readFileSync(filePath, 'utf-8'));
             const merged = { ...defaults, ...raw };
             // Re-validate fields that could be tampered with
             merged.maxIterations = validateNumber(merged.maxIterations, 1, 1000, 50);
@@ -111,30 +112,26 @@ export function loadState() {
     return defaults;
 }
 export function saveState(state) {
-    const fs = require('fs');
-    const path = require('path');
-    const dir = path.resolve(STATE_DIR);
-    if (!fs.existsSync(dir))
-        fs.mkdirSync(dir, { recursive: true });
+    const dir = resolve(STATE_DIR);
+    if (!existsSync(dir))
+        mkdirSync(dir, { recursive: true });
     // Cap history before saving
     if (state.history.length > MAX_HISTORY_ENTRIES) {
         state.history = state.history.slice(-MAX_HISTORY_ENTRIES);
     }
-    const tmpFile = path.resolve(STATE_FILE) + '.tmp';
-    fs.writeFileSync(tmpFile, JSON.stringify(state, null, 2));
-    fs.renameSync(tmpFile, path.resolve(STATE_FILE));
+    const tmpFile = resolve(STATE_FILE) + '.tmp';
+    writeFileSync(tmpFile, JSON.stringify(state, null, 2));
+    renameSync(tmpFile, resolve(STATE_FILE));
 }
 export function appendLog(entry) {
-    const fs = require('fs');
-    const path = require('path');
-    const filePath = path.resolve(LOG_FILE);
-    const dir = path.resolve(STATE_DIR);
-    if (!fs.existsSync(dir))
-        fs.mkdirSync(dir, { recursive: true });
+    const filePath = resolve(LOG_FILE);
+    const dir = resolve(STATE_DIR);
+    if (!existsSync(dir))
+        mkdirSync(dir, { recursive: true });
     let log = [];
     try {
-        if (fs.existsSync(filePath)) {
-            log = safeJsonParse(fs.readFileSync(filePath, 'utf-8'));
+        if (existsSync(filePath)) {
+            log = safeJsonParse(readFileSync(filePath, 'utf-8'));
             if (!Array.isArray(log))
                 log = [];
         }
@@ -146,16 +143,14 @@ export function appendLog(entry) {
     if (log.length > MAX_LOG_ENTRIES)
         log = log.slice(-MAX_LOG_ENTRIES);
     const tmpFile = filePath + '.tmp';
-    fs.writeFileSync(tmpFile, JSON.stringify(log, null, 2));
-    fs.renameSync(tmpFile, filePath);
+    writeFileSync(tmpFile, JSON.stringify(log, null, 2));
+    renameSync(tmpFile, filePath);
 }
 export function loadLog() {
-    const fs = require('fs');
-    const path = require('path');
-    const filePath = path.resolve(LOG_FILE);
+    const filePath = resolve(LOG_FILE);
     try {
-        if (fs.existsSync(filePath)) {
-            const result = safeJsonParse(fs.readFileSync(filePath, 'utf-8'));
+        if (existsSync(filePath)) {
+            const result = safeJsonParse(readFileSync(filePath, 'utf-8'));
             return Array.isArray(result) ? result : [];
         }
     }
@@ -166,26 +161,23 @@ export function loadLog() {
 }
 // ── Task Discovery ────────────────────────────────────────────
 export function discoverTasks(sources) {
-    const fs = require('fs');
-    const path = require('path');
-    const os = require('os');
     const tasks = [];
     // Only process valid sources
     const validSources = sources.filter(s => VALID_TASK_SOURCES.has(s));
     for (const source of validSources) {
         if (source === 'team-tasks') {
-            const tasksDir = path.join(os.homedir(), '.claude', 'tasks');
+            const tasksDir = join(homedir(), '.claude', 'tasks');
             try {
-                if (fs.existsSync(tasksDir)) {
-                    const teams = fs.readdirSync(tasksDir, { withFileTypes: true });
+                if (existsSync(tasksDir)) {
+                    const teams = readdirSync(tasksDir, { withFileTypes: true });
                     for (const team of teams) {
                         if (!team.isDirectory())
                             continue;
-                        const teamDir = path.join(tasksDir, team.name);
-                        const files = fs.readdirSync(teamDir).filter((f) => f.endsWith('.json'));
+                        const teamDir = join(tasksDir, team.name);
+                        const files = readdirSync(teamDir).filter((f) => f.endsWith('.json'));
                         for (const file of files) {
                             try {
-                                const data = safeJsonParse(fs.readFileSync(path.join(teamDir, file), 'utf-8'));
+                                const data = safeJsonParse(readFileSync(join(teamDir, file), 'utf-8'));
                                 tasks.push({
                                     id: String(data.id || file.replace('.json', '')),
                                     subject: String(data.subject || data.title || file),
@@ -201,10 +193,10 @@ export function discoverTasks(sources) {
             catch { /* skip source */ }
         }
         if (source === 'swarm-tasks') {
-            const swarmFile = path.resolve('.claude-flow/swarm-tasks.json');
+            const swarmFile = resolve('.claude-flow/swarm-tasks.json');
             try {
-                if (fs.existsSync(swarmFile)) {
-                    const data = safeJsonParse(fs.readFileSync(swarmFile, 'utf-8'));
+                if (existsSync(swarmFile)) {
+                    const data = safeJsonParse(readFileSync(swarmFile, 'utf-8'));
                     const swarmTasks = Array.isArray(data) ? data : (data.tasks || []);
                     for (const t of swarmTasks) {
                         if (t && typeof t === 'object') {
@@ -222,10 +214,10 @@ export function discoverTasks(sources) {
             catch { /* skip source */ }
         }
         if (source === 'file-checklist') {
-            const checklistFile = path.resolve('.claude-flow/data/checklist.json');
+            const checklistFile = resolve('.claude-flow/data/checklist.json');
             try {
-                if (fs.existsSync(checklistFile)) {
-                    const data = safeJsonParse(fs.readFileSync(checklistFile, 'utf-8'));
+                if (existsSync(checklistFile)) {
+                    const data = safeJsonParse(readFileSync(checklistFile, 'utf-8'));
                     const items = Array.isArray(data) ? data : (data.items || []);
                     for (const item of items) {
                         if (item && typeof item === 'object') {

package/v3/@claude-flow/cli/dist/src/commands/autopilot.js

@@ -182,10 +182,10 @@ const logCommand = {
     ],
     action: async (ctx) => {
         if (ctx.flags?.clear) {
-            const fs = require('fs');
-            const path = require('path');
+            const { writeFileSync } = await import('node:fs');
+            const { resolve } = await import('node:path');
             try {
-                fs.writeFileSync(path.resolve(LOG_FILE), '[]');
+                writeFileSync(resolve(LOG_FILE), '[]');
             }
             catch { /* ignore */ }
             output.writeln('Autopilot log cleared');

package/v3/@claude-flow/cli/dist/src/commands/claims.js

@@ -4,27 +4,25 @@
  *
  * Created with ❤️ by ruv.io
  */
+import { existsSync, readFileSync, writeFileSync, mkdirSync, renameSync } from 'node:fs';
+import { resolve, dirname } from 'node:path';
 import { output } from '../output.js';
 const CLAIMS_CONFIG_PATHS = [
     '.claude-flow/claims.json',
     'claude-flow.claims.json',
 ];
 function getClaimsConfigPaths() {
-    // Lazy import to keep top-level synchronous
-    // eslint-disable-next-line @typescript-eslint/no-var-requires
-    const path = require('path');
     return [
-        path.resolve(CLAIMS_CONFIG_PATHS[0]),
-        path.resolve(CLAIMS_CONFIG_PATHS[1]),
-        path.resolve(process.env.HOME || '~', '.config/claude-flow/claims.json'),
+        resolve(CLAIMS_CONFIG_PATHS[0]),
+        resolve(CLAIMS_CONFIG_PATHS[1]),
+        resolve(process.env.HOME || '~', '.config/claude-flow/claims.json'),
     ];
 }
 function loadClaimsConfig() {
-    const fs = require('fs');
     const configPaths = getClaimsConfigPaths();
     for (const configPath of configPaths) {
-        if (fs.existsSync(configPath)) {
-            const content = fs.readFileSync(configPath, 'utf-8');
+        if (existsSync(configPath)) {
+            const content = readFileSync(configPath, 'utf-8');
             return { config: JSON.parse(content), path: configPath };
         }
     }
@@ -41,15 +39,13 @@ function loadClaimsConfig() {
     return { config: defaultConfig, path: configPaths[0] };
 }
 function saveClaimsConfig(config, configPath) {
-    const fs = require('fs');
-    const path = require('path');
-    const dir = path.dirname(configPath);
-    if (!fs.existsSync(dir)) {
-        fs.mkdirSync(dir, { recursive: true });
+    const dir = dirname(configPath);
+    if (!existsSync(dir)) {
+        mkdirSync(dir, { recursive: true });
     }
     const tmpPath = configPath + '.tmp';
-    fs.writeFileSync(tmpPath, JSON.stringify(config, null, 2) + '\n', 'utf-8');
-    fs.renameSync(tmpPath, configPath);
+    writeFileSync(tmpPath, JSON.stringify(config, null, 2) + '\n', 'utf-8');
+    renameSync(tmpPath, configPath);
 }
 // List subcommand
 const listCommand = {

package/v3/@claude-flow/cli/dist/src/commands/cleanup.js

@@ -5,13 +5,21 @@
  * Created with ruv.io
  */
 import { output } from '../output.js';
-import { existsSync, statSync, rmSync, readdirSync } from 'fs';
+import { existsSync, statSync, rmSync, readdirSync, readFileSync, writeFileSync } from 'fs';
 import { join } from 'path';
+/**
+ * Ruflo-owned subdirectories within .claude/ that are safe to delete.
+ * Everything else in .claude/ (agents, skills, commands, settings.local.json,
+ * memory.db, worktrees, launch.json) belongs to Claude Code and must be preserved.
+ * See: https://github.com/ruvnet/ruflo/issues/1557
+ */
+const CLAUDE_OWNED_SUBDIRS = [
+    { path: join('.claude', 'helpers'), description: 'Ruflo hook scripts' },
+];
 /**
  * Artifact directories and files that claude-flow/ruflo may create
  */
 const ARTIFACT_DIRS = [
-    { path: '.claude', description: 'Claude settings, helpers, agents' },
     { path: '.claude-flow', description: 'Capabilities and configuration' },
     { path: 'data', description: 'Memory databases' },
     { path: '.swarm', description: 'Swarm state' },
@@ -119,7 +127,21 @@ export const cleanupCommand = {
         output.writeln();
         const found = [];
         let totalSize = 0;
-        // Scan directories
+        // Scan ruflo-owned subdirs within .claude/ (surgical — preserves Claude Code files)
+        for (const artifact of CLAUDE_OWNED_SUBDIRS) {
+            const fullPath = join(cwd, artifact.path);
+            if (existsSync(fullPath)) {
+                const size = getSize(fullPath);
+                found.push({ path: artifact.path, description: artifact.description, size, type: 'dir' });
+                totalSize += size;
+            }
+        }
+        // Check if .claude/settings.json has ruflo hooks/claudeFlow blocks to clean
+        const settingsPath = join(cwd, '.claude', 'settings.json');
+        if (existsSync(settingsPath)) {
+            found.push({ path: join('.claude', 'settings.json'), description: 'Remove ruflo hooks/claudeFlow blocks (preserves rest)', size: 0, type: 'file' });
+        }
+        // Scan standalone artifact directories
         for (const artifact of ARTIFACT_DIRS) {
             const fullPath = join(cwd, artifact.path);
             if (existsSync(fullPath)) {
@@ -170,7 +192,17 @@ export const cleanupCommand = {
                 // Actually delete
                 try {
                     const fullPath = join(cwd, item.path);
-                    if (item.type === 'dir') {
+                    // Special handling: surgically clean settings.json instead of deleting
+                    if (item.path === join('.claude', 'settings.json')) {
+                        try {
+                            const raw = JSON.parse(readFileSync(fullPath, 'utf-8'));
+                            delete raw.hooks;
+                            delete raw.claudeFlow;
+                            writeFileSync(fullPath, JSON.stringify(raw, null, 2) + '\n', 'utf-8');
+                        }
+                        catch { /* settings.json parse failed, skip */ }
+                    }
+                    else if (item.type === 'dir') {
                         rmSync(fullPath, { recursive: true, force: true });
                     }
                     else {

package/v3/@claude-flow/cli/dist/src/commands/daemon.js

@@ -69,10 +69,12 @@ const startCommand = {
             const bgPid = getBackgroundDaemonPid(projectRoot);
             if (bgPid && isProcessRunning(bgPid)) {
                 if (!quiet) {
-                    output.printWarning(`Daemon already running in background (PID: ${bgPid})`);
+                    output.printWarning(`Daemon already running in background (PID: ${bgPid}). Stop it first with: daemon stop`);
                 }
                 return { success: true };
             }
+            // #1551: Kill any stale daemon processes that weren't tracked by PID file
+            await killStaleDaemons(projectRoot, quiet);
         }
         // Background mode (default): fork a detached process
         if (!foreground) {
@@ -302,11 +304,14 @@ const stopCommand = {
                 await stopDaemon();
                 // Also kill any background daemon by PID
                 const killed = await killBackgroundDaemon(projectRoot);
+                // #1551: Also kill stale daemon processes not tracked by PID file
+                await killStaleDaemons(projectRoot, true);
                 spinner.succeed(killed ? 'Worker daemon stopped' : 'Worker daemon was not running');
             }
             else {
                 await stopDaemon();
                 await killBackgroundDaemon(projectRoot);
+                await killStaleDaemons(projectRoot, true);
             }
             return { success: true };
         }
@@ -365,6 +370,46 @@ async function killBackgroundDaemon(projectRoot) {
         return false;
     }
 }
+/**
+ * Kill stale daemon processes not tracked by the PID file (#1551).
+ * Uses `ps` to find all daemon processes for this project and kills them.
+ */
+async function killStaleDaemons(projectRoot, quiet) {
+    try {
+        const { execFileSync } = await import('child_process');
+        const psOutput = execFileSync('ps', ['-eo', 'pid,command'], { encoding: 'utf-8', timeout: 5000 });
+        const lines = psOutput.split('\n');
+        const currentPid = process.pid;
+        const trackedPid = getBackgroundDaemonPid(projectRoot);
+        let killed = 0;
+        for (const line of lines) {
+            if (!line.includes('daemon start --foreground'))
+                continue;
+            if (!line.includes('claude-flow') && !line.includes('@claude-flow/cli'))
+                continue;
+            const pidStr = line.trim().split(/\s+/)[0];
+            const pid = parseInt(pidStr, 10);
+            if (isNaN(pid) || pid === currentPid || pid === trackedPid)
+                continue;
+            if (!isProcessRunning(pid))
+                continue;
+            try {
+                process.kill(pid, 'SIGTERM');
+                killed++;
+                if (!quiet) {
+                    output.printWarning(`Killed stale daemon process (PID: ${pid})`);
+                }
+            }
+            catch { /* ignore — may have exited between check and kill */ }
+        }
+        if (killed > 0 && !quiet) {
+            output.printInfo(`Cleaned up ${killed} stale daemon process(es)`);
+        }
+    }
+    catch {
+        // ps not available or failed — skip stale cleanup
+    }
+}
 /**
  * Get PID of background daemon from PID file
  */

package/v3/@claude-flow/cli/dist/src/commands/security.js

@@ -5,6 +5,7 @@
  * Created with ❤️ by ruv.io
  */
 import { output } from '../output.js';
+import { execSync } from 'node:child_process';
 // Scan subcommand
 const scanCommand = {
     name: 'scan',
@@ -337,7 +338,6 @@ const threatsCommand = {
         // Check for .env files committed to git
         const checkEnvInGit = () => {
             try {
-                const { execSync } = require('child_process');
                 const tracked = execSync('git ls-files --cached', { cwd: rootDir, encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] });
                 const envFiles = tracked.split('\n').filter((f) => /(?:^|\/)\.env(?:\.|$)/.test(f));
                 for (const envFile of envFiles) {

package/v3/@claude-flow/cli/dist/src/mcp-server.js

@@ -17,6 +17,8 @@
  * @version 3.0.0
  */
 import { EventEmitter } from 'events';
+import { execFileSync } from 'child_process';
+import { request as httpRequestFn } from 'http';
 import { randomUUID } from 'crypto';
 import * as path from 'path';
 import * as fs from 'fs';
@@ -572,13 +574,11 @@ export class MCPServerManager extends EventEmitter {
         // Verify it's actually a node process (guards against PID reuse)
         // DA-CRIT-3: Use execFileSync to prevent command injection via PID values
         try {
-            const { execFileSync } = require('child_process');
             const safePid = String(Math.floor(Math.abs(pid)));
             let cmdline = '';
             try {
                 // Try /proc on Linux
-                const { readFileSync } = require('fs');
-                cmdline = readFileSync(`/proc/${safePid}/cmdline`, 'utf8');
+                cmdline = fs.readFileSync(`/proc/${safePid}/cmdline`, 'utf8');
             }
             catch {
                 // Fall back to ps on macOS/other
@@ -608,8 +608,7 @@ export class MCPServerManager extends EventEmitter {
     async httpRequest(url, method, timeout) {
         return new Promise((resolve, reject) => {
             const urlObj = new URL(url);
-            const http = require('http');
-            const req = http.request({
+            const req = httpRequestFn({
                 hostname: urlObj.hostname,
                 port: urlObj.port,
                 path: urlObj.pathname,

package/v3/@claude-flow/cli/dist/src/mcp-tools/performance-tools.js

@@ -13,7 +13,7 @@
  */
 import { getProjectCwd } from './types.js';
 import { validateIdentifier } from './validate-input.js';
-import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'node:fs';
+import { existsSync, readFileSync, writeFileSync, mkdirSync, unlinkSync, readdirSync } from 'node:fs';
 import { join } from 'node:path';
 import * as os from 'node:os';
 // Storage paths
@@ -183,7 +183,6 @@ export const performanceTools = [
                 readFileSync(probeFile);
                 diskLatencyMs = Math.round((performance.now() - t0) * 100) / 100;
                 try {
-                    const { unlinkSync } = require('node:fs');
                     unlinkSync(probeFile);
                 }
                 catch { /* best-effort */ }
@@ -421,7 +420,6 @@ export const performanceTools = [
                 .sort((a, b) => b.percentOfTotal - a.percentOfTotal);
             // Cleanup probe file
             try {
-                const { unlinkSync } = require('node:fs');
                 unlinkSync(join(getPerfDir(), '.profile-probe'));
             }
             catch { /* ok */ }
@@ -472,7 +470,6 @@ export const performanceTools = [
                 readFileSync(probe);
                 diskLatencyBefore = Math.round((performance.now() - t0) * 100) / 100;
                 try {
-                    const { unlinkSync } = require('node:fs');
                     unlinkSync(probe);
                 }
                 catch { /* ok */ }
@@ -517,10 +514,9 @@ export const performanceTools = [
             if (aggressive) {
                 try {
                     const dir = getPerfDir();
-                    const { readdirSync, unlinkSync: ul } = require('node:fs');
                     const probes = readdirSync(dir).filter((f) => f.startsWith('.'));
                     probes.forEach((f) => { try {
-                        ul(join(dir, f));
+                        unlinkSync(join(dir, f));
                     }
                     catch { /* ok */ } });
                     if (probes.length > 0)

package/v3/@claude-flow/cli/dist/src/ruvector/coverage-router.js

@@ -6,6 +6,9 @@
  * - TTL-based caching of coverage data
  * - Singleton router instance
  */
+import * as pathMod from 'node:path';
+import { existsSync } from 'node:fs';
+import { readFile } from 'node:fs/promises';
 // ============================================================================
 // Caching for Performance
 // ============================================================================
@@ -378,7 +381,8 @@ export async function coverageGaps(options = {}) {
  * Returns null if path is invalid or attempts traversal
  */
 function validateProjectPath(inputPath) {
-    const { resolve, normalize, isAbsolute } = require('path');
+    // eslint-disable-next-line @typescript-eslint/no-var-requires -- sync function, top-level import at file head
+    const { resolve, normalize, isAbsolute } = pathMod;
     // Default to cwd if not provided
     const basePath = inputPath || process.cwd();
     // Normalize and resolve the path
@@ -417,9 +421,7 @@ async function loadProjectCoverage(projectRoot, skipCache) {
             return cached.report;
         }
     }
-    const { existsSync } = require('fs');
-    const { readFile } = require('fs/promises');
-    const { join, normalize } = require('path');
+    const { join, normalize } = pathMod;
     // Try common coverage locations (all relative to validated root)
     const coverageLocations = [
         ['coverage', 'coverage-final.json'],

package/v3/@claude-flow/cli/dist/src/ruvector/diff-classifier.js

@@ -1,6 +1,8 @@
 /**
  * Diff Classifier for Change Analysis
  */
+import { execFileSync, execFile } from 'node:child_process';
+import { promisify } from 'node:util';
 const DEFAULT_CONFIG = {
     maxDiffSize: 10000,
     classifyByImpact: true,
@@ -344,7 +346,7 @@ export function getGitDiffNumstat(ref = 'HEAD') {
     if (cached && Date.now() - cached.timestamp < CACHE_TTL_MS) {
         return cached.files;
     }
-    const { execFileSync } = require('child_process');
+    // execFileSync imported at top level
     try {
         // SECURITY: Use execFileSync with args array instead of shell string
         // This prevents command injection via the ref parameter
@@ -417,8 +419,7 @@ export async function getGitDiffNumstatAsync(ref = 'HEAD') {
     if (cached && Date.now() - cached.timestamp < CACHE_TTL_MS) {
         return cached.files;
     }
-    const { execFile } = require('child_process');
-    const { promisify } = require('util');
+    // execFile + promisify imported at top level
     const execFileAsync = promisify(execFile);
     try {
         // SECURITY: Use execFile with args array instead of shell string

package/v3/@claude-flow/cli/dist/src/update/checker.js

@@ -3,6 +3,7 @@
  * Queries npm registry and compares versions
  */
 import * as semver from 'semver';
+import { createRequire } from 'node:module';
 import { shouldCheckForUpdates, recordCheck, getCachedVersions } from './rate-limiter.js';
 const DEFAULT_CONFIG = {
     enabled: true,
@@ -88,10 +89,10 @@ export function getInstalledVersion(packageName) {
         ];
         for (const modulePath of possiblePaths) {
             try {
-                // Use dynamic import with require for package.json
-                const resolved = require.resolve(modulePath, { paths: [process.cwd()] });
-                // eslint-disable-next-line @typescript-eslint/no-var-requires
-                const pkg = require(resolved);
+                // Use createRequire for ESM-compatible package.json loading
+                const esmRequire = createRequire(import.meta.url);
+                const resolved = esmRequire.resolve(modulePath, { paths: [process.cwd()] });
+                const pkg = esmRequire(resolved);
                 return pkg.version;
             }
             catch {

package/v3/@claude-flow/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@claude-flow/cli",
-  "version": "3.5.76",
+  "version": "3.5.78",
   "type": "module",
   "description": "Ruflo CLI - Enterprise AI agent orchestration with 60+ specialized agents, swarm coordination, MCP server, self-learning hooks, and vector memory for Claude Code",
   "main": "dist/src/index.js",