claude-flow 3.7.0-alpha.67 → 3.7.0-alpha.69

package/.claude/agents/github/code-review-swarm.md

@@ -2,7 +2,7 @@
 name: code-review-swarm
 description: |
   Deploy specialized AI agents to perform comprehensive, intelligent code reviews that go beyond traditional static analysis
-tools: mcp__claude-flow__swarm_init, mcp__claude-flow__agent_spawn, mcp__claude-flow__task_orchestrate, Bash, Read, Write, TodoWrite
+tools: mcp__claude-flow__swarm_init, mcp__claude-flow__agent_spawn, mcp__claude-flow__task_orchestrate, mcp__claude-flow__memory_search, mcp__claude-flow__memory_store, mcp__claude-flow__memory_retrieve, mcp__claude-flow__hooks_pre-task, mcp__claude-flow__hooks_post-task, mcp__claude-flow__hooks_route, Bash, Read, Write, TodoWrite
 ---
 
 # Code Review Swarm - Automated Code Review with AI Agents

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-flow",
-  "version": "3.7.0-alpha.67",
+  "version": "3.7.0-alpha.69",
   "description": "Ruflo - Enterprise AI agent orchestration for Claude Code. Deploy 60+ specialized agents in coordinated swarms with self-learning, fault-tolerant consensus, vector memory, and MCP integration",
   "main": "dist/index.js",
   "type": "module",

package/v3/@claude-flow/cli/dist/src/commands/benchmark-cosign.d.ts

@@ -0,0 +1,29 @@
+/**
+ * ADR-121 Phase 26 — `ruflo benchmark cosign` CLI subcommand.
+ *
+ * Phase 24 shipped the M-of-N cryptographic primitive (`coSign()`).
+ * Phase 25 shipped the consumer-facing verify command. This phase
+ * closes the loop with the **third-party-verifier workflow**:
+ *
+ *   # vendor publishes ledger.json + a benchmark claim
+ *   # third party reviews + co-signs
+ *   npx ruflo benchmark cosign vendor-ledger.json \
+ *       --entry 11 \
+ *       --label "independent-auditor" \
+ *       --out audited-ledger.json
+ *
+ *   # downstream consumers check the audited ledger requires
+ *   # two signatures per entry
+ *   npx ruflo benchmark verify audited-ledger.json --threshold 2
+ *
+ * Auto-generates an ephemeral Ed25519 keypair (writes the public
+ * key alongside the cosignature in the output ledger; private key
+ * not persisted by default). Pass `--key <path>` to persist the
+ * keypair (or read from a previously-persisted file) so the same
+ * signer can attest multiple entries / multiple ledgers with a
+ * stable identity.
+ */
+import type { Command } from '../types.js';
+export declare const benchmarkCosignCommand: Command;
+export default benchmarkCosignCommand;
+//# sourceMappingURL=benchmark-cosign.d.ts.map

package/v3/@claude-flow/cli/dist/src/commands/benchmark-cosign.js

@@ -0,0 +1,222 @@
+/**
+ * ADR-121 Phase 26 — `ruflo benchmark cosign` CLI subcommand.
+ *
+ * Phase 24 shipped the M-of-N cryptographic primitive (`coSign()`).
+ * Phase 25 shipped the consumer-facing verify command. This phase
+ * closes the loop with the **third-party-verifier workflow**:
+ *
+ *   # vendor publishes ledger.json + a benchmark claim
+ *   # third party reviews + co-signs
+ *   npx ruflo benchmark cosign vendor-ledger.json \
+ *       --entry 11 \
+ *       --label "independent-auditor" \
+ *       --out audited-ledger.json
+ *
+ *   # downstream consumers check the audited ledger requires
+ *   # two signatures per entry
+ *   npx ruflo benchmark verify audited-ledger.json --threshold 2
+ *
+ * Auto-generates an ephemeral Ed25519 keypair (writes the public
+ * key alongside the cosignature in the output ledger; private key
+ * not persisted by default). Pass `--key <path>` to persist the
+ * keypair (or read from a previously-persisted file) so the same
+ * signer can attest multiple entries / multiple ledgers with a
+ * stable identity.
+ */
+import { promises as fs } from 'node:fs';
+import { resolve } from 'node:path';
+import { generateKeyPairSync, createPrivateKey, createPublicKey } from 'node:crypto';
+import { output } from '../output.js';
+async function loadOrGenerateKeypair(keyPath) {
+    if (keyPath) {
+        const abs = resolve(process.cwd(), keyPath);
+        try {
+            const raw = await fs.readFile(abs, 'utf8');
+            const parsed = JSON.parse(raw);
+            const privateKey = createPrivateKey({ key: Buffer.from(parsed.privateKey, 'hex'), format: 'der', type: 'pkcs8' });
+            const publicKey = createPublicKey({ key: Buffer.from(parsed.publicKey, 'hex'), format: 'der', type: 'spki' });
+            return { keypair: { privateKey, publicKey }, source: 'loaded' };
+        }
+        catch (err) {
+            // File doesn't exist yet — generate a fresh keypair and persist it.
+            const kp = generateKeyPairSync('ed25519');
+            const pkcs8 = kp.privateKey.export({ type: 'pkcs8', format: 'der' }).toString('hex');
+            const spki = kp.publicKey.export({ type: 'spki', format: 'der' }).toString('hex');
+            await fs.writeFile(abs, JSON.stringify({ privateKey: pkcs8, publicKey: spki }, null, 2));
+            return { keypair: kp, source: 'persisted' };
+        }
+    }
+    return { keypair: generateKeyPairSync('ed25519'), source: 'generated' };
+}
+export const benchmarkCosignCommand = {
+    name: 'cosign',
+    description: 'Add a third-party co-signature to an entry in a benchmark ledger (Phase 24 M-of-N attestation)',
+    options: [
+        {
+            name: 'entry',
+            short: 'e',
+            type: 'number',
+            description: 'Entry sequence number to co-sign (1-based). Default: last entry.',
+        },
+        {
+            name: 'label',
+            short: 'l',
+            type: 'string',
+            description: 'Human-readable label for this signer (e.g. "third-party-verifier")',
+        },
+        {
+            name: 'out',
+            short: 'o',
+            type: 'string',
+            description: 'Output path for the updated ledger. Default: overwrite the input.',
+        },
+        {
+            name: 'key',
+            short: 'k',
+            type: 'string',
+            description: 'Path to a JSON keypair file (pkcs8 + spki hex). If missing, a fresh ephemeral key is generated; if path doesn\'t exist, a new key is generated and persisted there.',
+        },
+        {
+            name: 'all',
+            type: 'boolean',
+            description: 'Co-sign EVERY entry in the ledger (useful for batch attestation by a single signer).',
+            default: 'false',
+        },
+        {
+            name: 'json',
+            type: 'boolean',
+            description: 'Output JSON instead of human-readable',
+            default: 'false',
+        },
+    ],
+    examples: [
+        { command: 'ruflo benchmark cosign ledger.json --entry 11 --label "auditor-A"', description: 'Co-sign entry 11 with an ephemeral key' },
+        { command: 'ruflo benchmark cosign ledger.json --all --label "release-gate" --key ./auditor.key.json', description: 'Co-sign every entry with a persisted key' },
+        { command: 'ruflo benchmark cosign ledger.json -e 11 -o audited.json', description: 'Write the cosigned ledger to a new file' },
+    ],
+    action: async (ctx) => {
+        const pathArg = ctx.args[0];
+        const asJson = ctx.flags.json === true || ctx.flags.json === 'true';
+        const all = ctx.flags.all === true || ctx.flags.all === 'true';
+        const entryFlag = ctx.flags.entry !== undefined ? Number(ctx.flags.entry) : undefined;
+        const label = ctx.flags.label;
+        const outPath = ctx.flags.out;
+        const keyPath = ctx.flags.key;
+        if (!pathArg || typeof pathArg !== 'string') {
+            const err = 'usage: ruflo benchmark cosign <path-to-ledger.json> [--entry N | --all] [--label "name"] [--out path] [--key path] [--json]';
+            if (asJson)
+                output.printJson({ ok: false, error: err });
+            else
+                output.printError(err);
+            return { success: false, exitCode: 1 };
+        }
+        if (!all && entryFlag !== undefined && (!Number.isFinite(entryFlag) || entryFlag < 1)) {
+            const err = `--entry must be a positive integer, got: ${ctx.flags.entry}`;
+            if (asJson)
+                output.printJson({ ok: false, error: err });
+            else
+                output.printError(err);
+            return { success: false, exitCode: 1 };
+        }
+        const inPath = resolve(process.cwd(), pathArg);
+        let raw;
+        try {
+            raw = await fs.readFile(inPath, 'utf8');
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            if (asJson)
+                output.printJson({ ok: false, error: `cannot read ${inPath}: ${msg}` });
+            else
+                output.printError(`Cannot read ${inPath}: ${msg}`);
+            return { success: false, exitCode: 1 };
+        }
+        let ledger;
+        try {
+            ledger = JSON.parse(raw);
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            if (asJson)
+                output.printJson({ ok: false, error: `not valid JSON: ${msg}` });
+            else
+                output.printError(`Not valid JSON: ${msg}`);
+            return { success: false, exitCode: 1 };
+        }
+        if (typeof ledger.version !== 'number' || !Array.isArray(ledger.entries) || ledger.entries.length === 0) {
+            const err = `not a benchmark ledger — expected { version: number, entries: [non-empty] }`;
+            if (asJson)
+                output.printJson({ ok: false, error: err });
+            else
+                output.printError(err);
+            return { success: false, exitCode: 1 };
+        }
+        // Load or generate the signing keypair.
+        const { keypair, source: keypairSource } = await loadOrGenerateKeypair(keyPath);
+        // Determine which entries to co-sign.
+        let targetIndices;
+        if (all) {
+            targetIndices = ledger.entries.map((_, i) => i);
+        }
+        else {
+            const seq = entryFlag ?? ledger.entries[ledger.entries.length - 1].sequence;
+            const idx = ledger.entries.findIndex(e => e.sequence === seq);
+            if (idx === -1) {
+                const err = `entry sequence ${seq} not found in ledger (chain has ${ledger.entries.length} entries with sequences 1..${ledger.entries.length})`;
+                if (asJson)
+                    output.printJson({ ok: false, error: err });
+                else
+                    output.printError(err);
+                return { success: false, exitCode: 1 };
+            }
+            targetIndices = [idx];
+        }
+        // Lazy-load the cosign primitive from the published embeddings package.
+        const { coSign } = await import('@claude-flow/embeddings/witness-ledger');
+        // Mutate a copy of the ledger.
+        const newEntries = ledger.entries.map((e, i) => targetIndices.includes(i)
+            ? coSign(e, keypair, label ? { signerLabel: label } : {})
+            : e);
+        const newLedger = { ...ledger, entries: newEntries };
+        // Write output.
+        const writePath = resolve(process.cwd(), outPath ?? pathArg);
+        await fs.writeFile(writePath, JSON.stringify(newLedger, null, 2));
+        const publicKeyHex = keypair.publicKey.export({ type: 'spki', format: 'der' }).toString('hex');
+        if (asJson) {
+            output.printJson({
+                ok: true,
+                inPath,
+                outPath: writePath,
+                entriesCosigned: targetIndices.length,
+                targetSequences: targetIndices.map(i => ledger.entries[i].sequence),
+                signerLabel: label ?? null,
+                publicKey: publicKeyHex,
+                keypairSource,
+            });
+            return { success: true, exitCode: 0 };
+        }
+        output.writeln();
+        output.writeln(output.bold(`Co-signed ${targetIndices.length} entr${targetIndices.length === 1 ? 'y' : 'ies'}`));
+        output.writeln(output.dim('─'.repeat(60)));
+        output.writeln(`  input:        ${inPath}`);
+        output.writeln(`  output:       ${writePath}`);
+        output.writeln(`  signer label: ${label ?? '(unlabeled)'}`);
+        output.writeln(`  signer pubkey: ${publicKeyHex.slice(0, 32)}...`);
+        output.writeln(`  keypair:      ${keypairSource}${keyPath ? ` → ${keyPath}` : ''}`);
+        output.writeln();
+        output.writeln('  entries:');
+        for (const i of targetIndices) {
+            const e = newEntries[i];
+            const cosigCount = Array.isArray(e.cosignatures) ? e.cosignatures.length : 0;
+            const hashShort = e.contentHash.slice(0, 12) + '…';
+            output.writeln(`    [${String(e.sequence).padStart(2)}] ${e.benchmark.padEnd(28)} now ${1 + cosigCount} sigs (${hashShort})`);
+        }
+        output.writeln();
+        output.writeln(`Next: verify the cosigned ledger with the new threshold:`);
+        output.writeln(output.dim(`  npx ruflo benchmark verify ${writePath} --threshold 2`));
+        output.writeln();
+        return { success: true, exitCode: 0 };
+    },
+};
+export default benchmarkCosignCommand;
+//# sourceMappingURL=benchmark-cosign.js.map

package/v3/@claude-flow/cli/dist/src/commands/benchmark.js

@@ -425,6 +425,8 @@ const allCommand = {
 // ============================================================================
 // ADR-121 Phase 25 — `benchmark verify` for the chained witness ledger.
 import { benchmarkVerifyCommand } from './benchmark-verify.js';
+// ADR-121 Phase 26 — `benchmark cosign` for M-of-N third-party attestation.
+import { benchmarkCosignCommand } from './benchmark-cosign.js';
 export const benchmarkCommand = {
     name: 'benchmark',
     description: 'Performance benchmarking for self-learning and neural systems',
@@ -434,6 +436,7 @@ export const benchmarkCommand = {
         memoryCommand,
         allCommand,
         benchmarkVerifyCommand,
+        benchmarkCosignCommand,
     ],
     examples: [
         { command: 'claude-flow benchmark pretrain', description: 'Benchmark pre-training system' },

package/v3/@claude-flow/cli/dist/src/init/claudemd-generator.js

@@ -19,49 +19,74 @@ function behavioralRules() {
 - Validate input at system boundaries`;
 }
 function agentComms() {
-    return `## Agent Comms (SendMessage-First Coordination)
+    return `## Agent Comms — Reality-Based Coordination
 
-Named agents coordinate via \`SendMessage\`, not polling or shared state.
+**Tool-availability asymmetry:** \`SendMessage\` works **lead↔subagent** and lead↔lead, but **NOT subagent↔subagent**. Subagents spawned via the \`Agent\` tool are stateless one-shot workers — they have no inbox, cannot wait for events, and \`SendMessage\`/\`TaskUpdate\` are typically not in their tool allowlists. The \`hive-mind_*\` MCP tools provide coordination **metadata** (registry, consensus state) but do NOT grant subagents communication channels. Patterns that assume peer messaging will silently fail — agents either abort cleanly or run open-loop with stale assumptions. (See ruvnet/ruflo#2028 for the diagnosis.)
+
+### Canonical pattern: memory-as-bus, lead-orchestrated phases
 
 \`\`\`
-Lead (you) ←→ architect ←→ developer ←→ tester ←→ reviewer
-              (named agents message each other directly)
+Lead (the orchestrator)
+  │
+  ├─ spawns agent → agent reads inputs from memory keys → writes outputs to memory keys → completes
+  │
+  ├─ verifies outputs in memory
+  │
+  └─ spawns next agent with explicit input-key list in its brief
 \`\`\`
 
-### Spawning a Coordinated Team
+All inter-agent state lives in a shared memory namespace (\`memory_store\` / \`memory_search\`). Lead-to-subagent \`SendMessage\` is fine when needed; subagent-to-subagent \`SendMessage\` is not.
+
+### Spawning rules
+
+- **Parallelize ONLY when work is genuinely independent** (no upstream dependency between siblings).
+- **Spawn dependent agents only after the lead confirms upstream outputs are in memory.** Do NOT tell a downstream agent to "WAIT for SendMessage from X" — it has no mechanism to wait; it will abort.
+- **Every subagent brief MUST include a degraded-mode paragraph** at the top: *"If your expected coordination tools (SendMessage, TaskUpdate, hive-mind_*) are missing, do NOT abort. Read these specific source files directly, write outputs to these specific memory keys, and complete your phase."*
+- **Name agents** — \`name: "role"\` makes them addressable by the lead even though they cannot address each other.
+- **After spawning**: STOP, tell user what's running, wait for completion notifications. No polling.
+
+### Spawning example (memory-as-bus)
 
 \`\`\`javascript
-// ALL agents in ONE message, each knows WHO to message next
-Agent({ prompt: "Research the codebase. SendMessage findings to 'architect'.",
-  subagent_type: "researcher", name: "researcher", run_in_background: true })
-Agent({ prompt: "Wait for 'researcher'. Design solution. SendMessage to 'coder'.",
-  subagent_type: "system-architect", name: "architect", run_in_background: true })
-Agent({ prompt: "Wait for 'architect'. Implement it. SendMessage to 'tester'.",
-  subagent_type: "coder", name: "coder", run_in_background: true })
-Agent({ prompt: "Wait for 'coder'. Write tests. SendMessage results to 'reviewer'.",
-  subagent_type: "tester", name: "tester", run_in_background: true })
-Agent({ prompt: "Wait for 'tester'. Review code quality and security.",
-  subagent_type: "reviewer", name: "reviewer", run_in_background: true })
-
-// Kick off the pipeline
-SendMessage({ to: "researcher", summary: "Start", message: "[task context]" })
+// Phase 1 — independent parallel work
+Agent({
+  prompt: "Read docs at <paths>. Write inventory JSON to memory key phase1/researcher/inventory in namespace <ns>. Degraded mode: if memory tools missing, return inventory in your final message.",
+  subagent_type: "researcher", name: "researcher", run_in_background: true
+})
+Agent({
+  prompt: "Walk the source tree. Write capability matrix to memory key phase1/coder/capability-matrix. Degraded mode: ...",
+  subagent_type: "coder", name: "source-reader", run_in_background: true
+})
+
+// AFTER both Phase 1 agents complete (lead verifies via memory_search), THEN spawn Phase 2.
+// Each Phase 2 agent's brief explicitly lists the Phase 1 memory keys it should read.
 \`\`\`
 
 ### Patterns
 
 | Pattern | Flow | Use When |
 |---------|------|----------|
-| **Pipeline** | A → B → C → D | Sequential dependencies (feature dev) |
-| **Fan-out** | Lead → A, B, C → Lead | Independent parallel work (research) |
-| **Supervisor** | Lead ↔ workers | Ongoing coordination (complex refactor) |
+| **Sequential pipeline** | Lead → A → (verify in memory) → B → (verify) → C | Phase dependencies (audit, complex refactor) |
+| **Fan-out** | Lead → A, B, C (parallel) → Lead aggregates from memory | Independent parallel work (research, multi-lens critique) |
+| **Lead-as-bus** | Subagents → Lead → reroute by spawning next | Workaround when supervisor↔workers coordination needed |
+
+### Anti-patterns (will silently fail)
 
-### Rules
+- "WAIT for SendMessage from X" in a subagent prompt — no mechanism to wait
+- "SendMessage findings to architect" in a subagent prompt — architect can't receive
+- Spawning N dependent agents in one batch expecting them to chain via messages — they won't
+- Relying on \`hive-mind_consensus\` to gather subagent votes — subagents aren't registered hive workers
 
-- ALWAYS name agents — \`name: "role"\` makes them addressable
-- ALWAYS include comms instructions in prompts — who to message, what to send
-- Spawn ALL agents in ONE message with \`run_in_background: true\`
-- After spawning: STOP, tell user what's running, wait for results
-- NEVER poll status — agents message back or complete automatically`;
+### Lead-only SendMessage (still works)
+
+\`SendMessage\` is still useful for **lead → subagent** redirects and priority changes:
+
+\`\`\`javascript
+// Lead → subagent: redirect or update priority mid-flight
+SendMessage({ to: "developer", summary: "Prioritize auth", message: "Auth is blocking tester, do that first." })
+// Lead → subagent: graceful shutdown
+SendMessage({ to: "developer", message: { type: "shutdown_request" } })
+\`\`\``;
 }
 function swarmConfig(options) {
     return `## Swarm & Routing

package/v3/@claude-flow/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@claude-flow/cli",
-  "version": "3.7.0-alpha.67",
+  "version": "3.7.0-alpha.69",
   "type": "module",
   "description": "Ruflo CLI - Enterprise AI agent orchestration with 60+ specialized agents, swarm coordination, MCP server, self-learning hooks, and vector memory for Claude Code",
   "main": "dist/src/index.js",

package/.claude/scheduled_tasks.lock

@@ -1 +0,0 @@
-{"sessionId":"1fc1a1cc-9310-4991-8a7d-832dbca9ebad","pid":8051,"procStart":"Sun May 17 12:50:14 2026","acquiredAt":1779051467717}