claude-flow 3.7.0 → 3.9.0

package/v3/@claude-flow/cli/dist/src/ruvector/agent-wasm.js

@@ -68,6 +68,10 @@ export async function createWasmAgent(config = {}) {
         max_turns: config.maxTurns ?? 50,
     });
     const agent = new mod.WasmAgent(configJson);
+    // ADR-129 P1 — wire JsModelProvider so the WASM runtime routes prompts
+    // through the v3 provider system instead of returning the echo stub.
+    // attachJsModelProvider is a no-op when no provider keys are set.
+    await attachJsModelProvider(agent, config);
     const id = generateId();
     const info = {
         id,
@@ -82,19 +86,52 @@ export async function createWasmAgent(config = {}) {
     agents.set(id, { agent, info });
     return info;
 }
+/**
+ * Wire a JsModelProvider to a freshly created WasmAgent so its internal
+ * conversation loop dispatches through the v3 provider system (ADR-129 P1).
+ *
+ * The callback bridges the JsModelProvider JSON contract to
+ * callAnthropicMessages, which already handles Anthropic / OpenRouter /
+ * Ollama routing via RUFLO_PROVIDER + key-presence precedence (#2042).
+ *
+ * Called once at agent-creation time; the provider stays attached for the
+ * agent's lifetime.  No-op (returns false) when no provider keys are
+ * configured so the echo-fallback path below is preserved for keyless
+ * environments.
+ */
+async function attachJsModelProvider(agent, config) {
+    const hasAny = !!(process.env.ANTHROPIC_API_KEY || process.env.OPENROUTER_API_KEY || process.env.OLLAMA_API_KEY);
+    if (!hasAny)
+        return false;
+    const mod = await import('@ruvector/rvagent-wasm');
+    const { callAnthropicMessages, resolveAnthropicModel } = await import('../mcp-tools/agent-execute-core.js');
+    const model = resolveAnthropicModel(config.model);
+    const systemPrompt = config.instructions || 'You are a helpful coding assistant running in a Ruflo WASM agent sandbox.';
+    const provider = new mod.JsModelProvider(async (messagesJson) => {
+        const messages = JSON.parse(messagesJson);
+        const lastUser = [...messages].reverse().find(m => m.role === 'user');
+        const prompt = lastUser?.content ?? messagesJson;
+        const result = await callAnthropicMessages({ prompt, systemPrompt, model, maxTokens: 2048 });
+        if (!result.success)
+            throw new Error(result.error ?? 'provider call failed');
+        return JSON.stringify({ role: 'assistant', content: result.output ?? '' });
+    });
+    agent.set_model_provider(provider);
+    return true;
+}
 /**
  * Send a prompt to a WASM agent.
  *
- * ADR-095 G4: the bundled @ruvector/rvagent-wasm doesn't actually run an
- * LLM — its prompt() method echoes input back as `"echo: <input>"`. We
- * detect that stub output and route the prompt through Anthropic's
- * Messages API so users get a real response. The WASM agent's sandbox
- * (virtual filesystem, tool execution) still works for non-LLM ops via
- * executeWasmTool — we're just patching the "talk to a model" hole.
+ * ADR-129 P1: JsModelProvider is now wired at creation time so the WASM
+ * agent's internal conversation loop (multi-turn state, turn_count,
+ * stop conditions) runs against a real LLM.  The echo-stub detection
+ * block is kept as a fallback for keyless environments (CI, sandboxed
+ * test runners) — behaviour is identical to the pre-P1 path when no
+ * provider key is set.
  *
- * If ANTHROPIC_API_KEY is not set, returns the stub output verbatim so
- * the failure mode is obvious to the caller (matches the previous
- * behaviour rather than throwing for users without keys configured).
+ * Billing note: every wasm_agent_prompt call with a provider key
+ * configured makes a billable LLM call.  Use a keyless environment to
+ * get the echo stub for cost-free sandboxing.
  */
 export async function promptWasmAgent(agentId, input) {
     const entry = agents.get(agentId);
@@ -105,30 +142,31 @@ export async function promptWasmAgent(agentId, input) {
         const wasmResult = await entry.agent.prompt(input);
         entry.info.state = 'idle';
         syncAgentInfo(entry);
-        // Detect the WASM echo stub.
+        // Detect the WASM echo stub (present when no JsModelProvider was
+        // attached, i.e. keyless environments).
         const isEchoStub = typeof wasmResult === 'string' &&
             (wasmResult === `echo: ${input}` || /^echo: /.test(wasmResult.slice(0, 12)));
         if (!isEchoStub) {
+            // JsModelProvider routed through the v3 provider system — return
+            // the real response.  turn_count was already incremented by the
+            // WASM runtime.
             return wasmResult;
         }
-        // Echo stub detected — route through a real LLM call.
-        if (!process.env.ANTHROPIC_API_KEY) {
-            // No key configured; surface the stub honestly with a hint.
-            return `${wasmResult}\n[NOTE: bundled WASM agent has no LLM; set ANTHROPIC_API_KEY to enable real responses via Anthropic Messages API]`;
+        // Echo stub path (keyless fallback — preserved from pre-P1 behaviour).
+        if (!process.env.ANTHROPIC_API_KEY && !process.env.OPENROUTER_API_KEY && !process.env.OLLAMA_API_KEY) {
+            return `${wasmResult}\n[NOTE: bundled WASM agent has no LLM; set ANTHROPIC_API_KEY (or OPENROUTER_API_KEY / OLLAMA_API_KEY) to enable real responses via the v3 provider system]`;
         }
+        // Key present but provider was not attached at creation time (e.g.
+        // agent created before a key was set in the environment).  Fall
+        // through to a direct callAnthropicMessages call as a best-effort
+        // recovery.
         const { callAnthropicMessages, resolveAnthropicModel } = await import('../mcp-tools/agent-execute-core.js');
         const model = resolveAnthropicModel(entry.info.config.model);
         const systemPrompt = entry.info.config.instructions || 'You are a helpful coding assistant running in a Ruflo WASM agent sandbox.';
-        const result = await callAnthropicMessages({
-            prompt: input,
-            systemPrompt,
-            model,
-            maxTokens: 2048,
-        });
+        const result = await callAnthropicMessages({ prompt: input, systemPrompt, model, maxTokens: 2048 });
         if (!result.success) {
-            return `${wasmResult}\n[NOTE: bundled WASM agent has no LLM; Anthropic fallback failed: ${result.error}]`;
+            return `${wasmResult}\n[NOTE: bundled WASM agent has no LLM; provider fallback failed: ${result.error}]`;
         }
-        // Return the real LLM output, not the echo stub.
         return result.output ?? '';
     }
     catch (err) {
@@ -318,10 +356,12 @@ export async function createAgentFromTemplate(templateId) {
         model: undefined, // Use default
     });
 }
-// ── RVF Container Operations ─────────────────────────────────
 /**
- * Build an RVF container with prompts, tools, and skills.
- * Uses the high-level RVF builder API (addPrompt, addTool, addSkill).
+ * Build an RVF container with prompts, tools, skills, and MCP tool descriptors.
+ * Uses the high-level RVF builder API (addPrompt, addTool, addSkill, addMcpTools).
+ *
+ * ADR-129 P2: mcpTools parameter wires builder.addMcpTools() so that
+ * composed agents can declare which of ruflo's 314 MCP tools they need.
  */
 export async function buildRvfContainer(opts) {
     await initAgentWasm();
@@ -336,10 +376,78 @@ export async function buildRvfContainer(opts) {
     for (const s of opts.skills ?? []) {
         builder.addSkill(JSON.stringify(s));
     }
+    // ADR-129 P2: pass MCP tool descriptors into the RVF container so
+    // composed agents know which tools are available via the MCP server.
+    if (opts.mcpTools && opts.mcpTools.length > 0) {
+        builder.addMcpTools(JSON.stringify(opts.mcpTools));
+    }
     return builder.build();
 }
+// ── ADR-129 P3 — Additional gallery methods ──────────────────────────────────
+/** Load a template as raw RVF bytes. */
+export async function galleryLoadRvf(id) {
+    const gallery = await getGallery();
+    return gallery.loadRvf(id);
+}
+/** Apply configuration overrides to the active template. */
+export async function galleryConfigure(configJson) {
+    const gallery = await getGallery();
+    gallery.configure(configJson);
+}
+/** List templates filtered by category. */
+export async function galleryListByCategory(category) {
+    const gallery = await getGallery();
+    return gallery.listByCategory(category);
+}
+/** Add a custom template to the gallery. */
+export async function galleryAddCustom(templateJson) {
+    const gallery = await getGallery();
+    gallery.addCustom(templateJson);
+}
+/** Remove a custom template by ID. */
+export async function galleryRemoveCustom(id) {
+    const gallery = await getGallery();
+    gallery.removeCustom(id);
+}
+/** Import custom templates from JSON. Returns the count imported. */
+export async function galleryImportCustom(templatesJson) {
+    const gallery = await getGallery();
+    return gallery.importCustom(templatesJson);
+}
+/** Export all custom templates as JSON. */
+export async function galleryExportCustom() {
+    const gallery = await getGallery();
+    return gallery.exportCustom();
+}
+/** Get the currently active template ID. */
+export async function galleryGetActive() {
+    const gallery = await getGallery();
+    return gallery.getActive();
+}
+/** Get configuration overrides for the active template. */
+export async function galleryGetConfig() {
+    const gallery = await getGallery();
+    return gallery.getConfig();
+}
+/** Reset a WASM agent — clears messages and turn count. */
+export function resetWasmAgent(agentId) {
+    const entry = agents.get(agentId);
+    if (!entry)
+        return false;
+    try {
+        entry.agent.reset();
+        syncAgentInfo(entry);
+    }
+    catch { /* best-effort */ }
+    return true;
+}
 /**
  * Build an RVF container from a gallery template.
+ *
+ * ADR-129 P2: template.mcp_tools is now passed to buildRvfContainer so it
+ * is included via builder.addMcpTools().  Previously these descriptors were
+ * silently dropped, leaving gallery-template agents unable to declare their
+ * intended MCP tool access.
  */
 export async function buildRvfFromTemplate(templateId) {
     const template = await getGalleryTemplate(templateId);
@@ -349,6 +457,7 @@ export async function buildRvfFromTemplate(templateId) {
         prompts: template.prompts,
         tools: template.tools,
         skills: template.skills,
+        mcpTools: template.mcp_tools, // ADR-129 P2: was silently dropped
     });
 }
 //# sourceMappingURL=agent-wasm.js.map

package/v3/@claude-flow/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@claude-flow/cli",
-  "version": "3.7.0",
+  "version": "3.9.0",
   "type": "module",
   "description": "Ruflo CLI - Enterprise AI agent orchestration with 60+ specialized agents, swarm coordination, MCP server, self-learning hooks, and vector memory for Claude Code",
   "main": "dist/src/index.js",

package/v3/@claude-flow/cli/dist/src/__probe.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=__probe.d.ts.map

package/v3/@claude-flow/cli/dist/src/__probe.js

@@ -1,5 +0,0 @@
-import * as e from '@claude-flow/embeddings';
-const fn = e.mmrRerank;
-const f2 = e.averagePairwiseSimilarity;
-console.log(fn, f2);
-//# sourceMappingURL=__probe.js.map

package/v3/@claude-flow/cli/dist/src/commands/benchmark-cosign.d.ts

@@ -1,29 +0,0 @@
-/**
- * ADR-121 Phase 26 — `ruflo benchmark cosign` CLI subcommand.
- *
- * Phase 24 shipped the M-of-N cryptographic primitive (`coSign()`).
- * Phase 25 shipped the consumer-facing verify command. This phase
- * closes the loop with the **third-party-verifier workflow**:
- *
- *   # vendor publishes ledger.json + a benchmark claim
- *   # third party reviews + co-signs
- *   npx ruflo benchmark cosign vendor-ledger.json \
- *       --entry 11 \
- *       --label "independent-auditor" \
- *       --out audited-ledger.json
- *
- *   # downstream consumers check the audited ledger requires
- *   # two signatures per entry
- *   npx ruflo benchmark verify audited-ledger.json --threshold 2
- *
- * Auto-generates an ephemeral Ed25519 keypair (writes the public
- * key alongside the cosignature in the output ledger; private key
- * not persisted by default). Pass `--key <path>` to persist the
- * keypair (or read from a previously-persisted file) so the same
- * signer can attest multiple entries / multiple ledgers with a
- * stable identity.
- */
-import type { Command } from '../types.js';
-export declare const benchmarkCosignCommand: Command;
-export default benchmarkCosignCommand;
-//# sourceMappingURL=benchmark-cosign.d.ts.map

package/v3/@claude-flow/cli/dist/src/commands/benchmark-cosign.js

@@ -1,222 +0,0 @@
-/**
- * ADR-121 Phase 26 — `ruflo benchmark cosign` CLI subcommand.
- *
- * Phase 24 shipped the M-of-N cryptographic primitive (`coSign()`).
- * Phase 25 shipped the consumer-facing verify command. This phase
- * closes the loop with the **third-party-verifier workflow**:
- *
- *   # vendor publishes ledger.json + a benchmark claim
- *   # third party reviews + co-signs
- *   npx ruflo benchmark cosign vendor-ledger.json \
- *       --entry 11 \
- *       --label "independent-auditor" \
- *       --out audited-ledger.json
- *
- *   # downstream consumers check the audited ledger requires
- *   # two signatures per entry
- *   npx ruflo benchmark verify audited-ledger.json --threshold 2
- *
- * Auto-generates an ephemeral Ed25519 keypair (writes the public
- * key alongside the cosignature in the output ledger; private key
- * not persisted by default). Pass `--key <path>` to persist the
- * keypair (or read from a previously-persisted file) so the same
- * signer can attest multiple entries / multiple ledgers with a
- * stable identity.
- */
-import { promises as fs } from 'node:fs';
-import { resolve } from 'node:path';
-import { generateKeyPairSync, createPrivateKey, createPublicKey } from 'node:crypto';
-import { output } from '../output.js';
-async function loadOrGenerateKeypair(keyPath) {
-    if (keyPath) {
-        const abs = resolve(process.cwd(), keyPath);
-        try {
-            const raw = await fs.readFile(abs, 'utf8');
-            const parsed = JSON.parse(raw);
-            const privateKey = createPrivateKey({ key: Buffer.from(parsed.privateKey, 'hex'), format: 'der', type: 'pkcs8' });
-            const publicKey = createPublicKey({ key: Buffer.from(parsed.publicKey, 'hex'), format: 'der', type: 'spki' });
-            return { keypair: { privateKey, publicKey }, source: 'loaded' };
-        }
-        catch (err) {
-            // File doesn't exist yet — generate a fresh keypair and persist it.
-            const kp = generateKeyPairSync('ed25519');
-            const pkcs8 = kp.privateKey.export({ type: 'pkcs8', format: 'der' }).toString('hex');
-            const spki = kp.publicKey.export({ type: 'spki', format: 'der' }).toString('hex');
-            await fs.writeFile(abs, JSON.stringify({ privateKey: pkcs8, publicKey: spki }, null, 2));
-            return { keypair: kp, source: 'persisted' };
-        }
-    }
-    return { keypair: generateKeyPairSync('ed25519'), source: 'generated' };
-}
-export const benchmarkCosignCommand = {
-    name: 'cosign',
-    description: 'Add a third-party co-signature to an entry in a benchmark ledger (Phase 24 M-of-N attestation)',
-    options: [
-        {
-            name: 'entry',
-            short: 'e',
-            type: 'number',
-            description: 'Entry sequence number to co-sign (1-based). Default: last entry.',
-        },
-        {
-            name: 'label',
-            short: 'l',
-            type: 'string',
-            description: 'Human-readable label for this signer (e.g. "third-party-verifier")',
-        },
-        {
-            name: 'out',
-            short: 'o',
-            type: 'string',
-            description: 'Output path for the updated ledger. Default: overwrite the input.',
-        },
-        {
-            name: 'key',
-            short: 'k',
-            type: 'string',
-            description: 'Path to a JSON keypair file (pkcs8 + spki hex). If missing, a fresh ephemeral key is generated; if path doesn\'t exist, a new key is generated and persisted there.',
-        },
-        {
-            name: 'all',
-            type: 'boolean',
-            description: 'Co-sign EVERY entry in the ledger (useful for batch attestation by a single signer).',
-            default: 'false',
-        },
-        {
-            name: 'json',
-            type: 'boolean',
-            description: 'Output JSON instead of human-readable',
-            default: 'false',
-        },
-    ],
-    examples: [
-        { command: 'ruflo benchmark cosign ledger.json --entry 11 --label "auditor-A"', description: 'Co-sign entry 11 with an ephemeral key' },
-        { command: 'ruflo benchmark cosign ledger.json --all --label "release-gate" --key ./auditor.key.json', description: 'Co-sign every entry with a persisted key' },
-        { command: 'ruflo benchmark cosign ledger.json -e 11 -o audited.json', description: 'Write the cosigned ledger to a new file' },
-    ],
-    action: async (ctx) => {
-        const pathArg = ctx.args[0];
-        const asJson = ctx.flags.json === true || ctx.flags.json === 'true';
-        const all = ctx.flags.all === true || ctx.flags.all === 'true';
-        const entryFlag = ctx.flags.entry !== undefined ? Number(ctx.flags.entry) : undefined;
-        const label = ctx.flags.label;
-        const outPath = ctx.flags.out;
-        const keyPath = ctx.flags.key;
-        if (!pathArg || typeof pathArg !== 'string') {
-            const err = 'usage: ruflo benchmark cosign <path-to-ledger.json> [--entry N | --all] [--label "name"] [--out path] [--key path] [--json]';
-            if (asJson)
-                output.printJson({ ok: false, error: err });
-            else
-                output.printError(err);
-            return { success: false, exitCode: 1 };
-        }
-        if (!all && entryFlag !== undefined && (!Number.isFinite(entryFlag) || entryFlag < 1)) {
-            const err = `--entry must be a positive integer, got: ${ctx.flags.entry}`;
-            if (asJson)
-                output.printJson({ ok: false, error: err });
-            else
-                output.printError(err);
-            return { success: false, exitCode: 1 };
-        }
-        const inPath = resolve(process.cwd(), pathArg);
-        let raw;
-        try {
-            raw = await fs.readFile(inPath, 'utf8');
-        }
-        catch (err) {
-            const msg = err instanceof Error ? err.message : String(err);
-            if (asJson)
-                output.printJson({ ok: false, error: `cannot read ${inPath}: ${msg}` });
-            else
-                output.printError(`Cannot read ${inPath}: ${msg}`);
-            return { success: false, exitCode: 1 };
-        }
-        let ledger;
-        try {
-            ledger = JSON.parse(raw);
-        }
-        catch (err) {
-            const msg = err instanceof Error ? err.message : String(err);
-            if (asJson)
-                output.printJson({ ok: false, error: `not valid JSON: ${msg}` });
-            else
-                output.printError(`Not valid JSON: ${msg}`);
-            return { success: false, exitCode: 1 };
-        }
-        if (typeof ledger.version !== 'number' || !Array.isArray(ledger.entries) || ledger.entries.length === 0) {
-            const err = `not a benchmark ledger — expected { version: number, entries: [non-empty] }`;
-            if (asJson)
-                output.printJson({ ok: false, error: err });
-            else
-                output.printError(err);
-            return { success: false, exitCode: 1 };
-        }
-        // Load or generate the signing keypair.
-        const { keypair, source: keypairSource } = await loadOrGenerateKeypair(keyPath);
-        // Determine which entries to co-sign.
-        let targetIndices;
-        if (all) {
-            targetIndices = ledger.entries.map((_, i) => i);
-        }
-        else {
-            const seq = entryFlag ?? ledger.entries[ledger.entries.length - 1].sequence;
-            const idx = ledger.entries.findIndex(e => e.sequence === seq);
-            if (idx === -1) {
-                const err = `entry sequence ${seq} not found in ledger (chain has ${ledger.entries.length} entries with sequences 1..${ledger.entries.length})`;
-                if (asJson)
-                    output.printJson({ ok: false, error: err });
-                else
-                    output.printError(err);
-                return { success: false, exitCode: 1 };
-            }
-            targetIndices = [idx];
-        }
-        // Lazy-load the cosign primitive from the published embeddings package.
-        const { coSign } = await import('@claude-flow/embeddings/witness-ledger');
-        // Mutate a copy of the ledger.
-        const newEntries = ledger.entries.map((e, i) => targetIndices.includes(i)
-            ? coSign(e, keypair, label ? { signerLabel: label } : {})
-            : e);
-        const newLedger = { ...ledger, entries: newEntries };
-        // Write output.
-        const writePath = resolve(process.cwd(), outPath ?? pathArg);
-        await fs.writeFile(writePath, JSON.stringify(newLedger, null, 2));
-        const publicKeyHex = keypair.publicKey.export({ type: 'spki', format: 'der' }).toString('hex');
-        if (asJson) {
-            output.printJson({
-                ok: true,
-                inPath,
-                outPath: writePath,
-                entriesCosigned: targetIndices.length,
-                targetSequences: targetIndices.map(i => ledger.entries[i].sequence),
-                signerLabel: label ?? null,
-                publicKey: publicKeyHex,
-                keypairSource,
-            });
-            return { success: true, exitCode: 0 };
-        }
-        output.writeln();
-        output.writeln(output.bold(`Co-signed ${targetIndices.length} entr${targetIndices.length === 1 ? 'y' : 'ies'}`));
-        output.writeln(output.dim('─'.repeat(60)));
-        output.writeln(`  input:        ${inPath}`);
-        output.writeln(`  output:       ${writePath}`);
-        output.writeln(`  signer label: ${label ?? '(unlabeled)'}`);
-        output.writeln(`  signer pubkey: ${publicKeyHex.slice(0, 32)}...`);
-        output.writeln(`  keypair:      ${keypairSource}${keyPath ? ` → ${keyPath}` : ''}`);
-        output.writeln();
-        output.writeln('  entries:');
-        for (const i of targetIndices) {
-            const e = newEntries[i];
-            const cosigCount = Array.isArray(e.cosignatures) ? e.cosignatures.length : 0;
-            const hashShort = e.contentHash.slice(0, 12) + '…';
-            output.writeln(`    [${String(e.sequence).padStart(2)}] ${e.benchmark.padEnd(28)} now ${1 + cosigCount} sigs (${hashShort})`);
-        }
-        output.writeln();
-        output.writeln(`Next: verify the cosigned ledger with the new threshold:`);
-        output.writeln(output.dim(`  npx ruflo benchmark verify ${writePath} --threshold 2`));
-        output.writeln();
-        return { success: true, exitCode: 0 };
-    },
-};
-export default benchmarkCosignCommand;
-//# sourceMappingURL=benchmark-cosign.js.map

package/v3/@claude-flow/cli/dist/src/commands/benchmark-verify.d.ts

@@ -1,21 +0,0 @@
-/**
- * ADR-121 Phase 25 — `ruflo benchmark verify` CLI subcommand.
- *
- * Makes the Phase 15-24 witness story end-user-accessible. Anyone
- * publishing benchmark numbers with a witness manifest (single
- * `.json`) or a chained ledger (`bench-witness/ledger.json`) can
- * tell consumers:
- *
- *   npx ruflo benchmark verify ./ledger.json
- *
- * The command auto-detects whether the input is a single witness or
- * a ledger (presence of `version` + `entries[]` → ledger), runs the
- * appropriate verifier, and prints a human-readable or JSON report.
- *
- * For Phase 24 multi-signer entries, pass `--threshold N` to require
- * N or more valid signatures per entry.
- */
-import type { Command } from '../types.js';
-export declare const benchmarkVerifyCommand: Command;
-export default benchmarkVerifyCommand;
-//# sourceMappingURL=benchmark-verify.d.ts.map