mindforge-cc 11.5.0 → 11.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.agent/mindforge/skill-tdd.md +53 -0
- package/.agent/mindforge/skills-index.md +118 -0
- package/.agent/mindforge/systematic-debug.md +60 -0
- package/.agent/skills/1password-skill/SKILL.md +156 -0
- package/.agent/skills/1password-skill/references/cli-examples.md +31 -0
- package/.agent/skills/1password-skill/references/get-started.md +21 -0
- package/.agent/skills/article-illustrator/SKILL.md +199 -0
- package/.agent/skills/article-illustrator/references/prompt-construction.md +426 -0
- package/.agent/skills/article-illustrator/references/style-presets.md +80 -0
- package/.agent/skills/article-illustrator/references/styles.md +224 -0
- package/.agent/skills/article-illustrator/references/usage.md +50 -0
- package/.agent/skills/article-illustrator/references/workflow.md +332 -0
- package/.agent/skills/arxiv/SKILL.md +275 -0
- package/.agent/skills/blogwatcher/SKILL.md +130 -0
- package/.agent/skills/code-wiki/SKILL.md +438 -0
- package/.agent/skills/code-wiki/templates/README.md +31 -0
- package/.agent/skills/code-wiki/templates/architecture.md +30 -0
- package/.agent/skills/code-wiki/templates/getting-started.md +47 -0
- package/.agent/skills/code-wiki/templates/module.md +38 -0
- package/.agent/skills/codebase-inspection/SKILL.md +109 -0
- package/.agent/skills/comic-creator/SKILL.md +240 -0
- package/.agent/skills/comic-creator/references/analysis-framework.md +176 -0
- package/.agent/skills/comic-creator/references/auto-selection.md +71 -0
- package/.agent/skills/comic-creator/references/base-prompt.md +98 -0
- package/.agent/skills/comic-creator/references/character-template.md +180 -0
- package/.agent/skills/comic-creator/references/ohmsha-guide.md +85 -0
- package/.agent/skills/comic-creator/references/partial-workflows.md +106 -0
- package/.agent/skills/comic-creator/references/storyboard-template.md +143 -0
- package/.agent/skills/comic-creator/references/workflow.md +401 -0
- package/.agent/skills/concept-diagrams/SKILL.md +355 -0
- package/.agent/skills/concept-diagrams/references/dashboard-patterns.md +43 -0
- package/.agent/skills/concept-diagrams/references/infrastructure-patterns.md +144 -0
- package/.agent/skills/concept-diagrams/references/physical-shape-cookbook.md +42 -0
- package/.agent/skills/creative-ideation/SKILL.md +144 -0
- package/.agent/skills/creative-ideation/references/full-prompt-library.md +110 -0
- package/.agent/skills/devops-cli/SKILL.md +149 -0
- package/.agent/skills/devops-cli/references/app-discovery.md +112 -0
- package/.agent/skills/devops-cli/references/authentication.md +59 -0
- package/.agent/skills/devops-cli/references/cli-reference.md +104 -0
- package/.agent/skills/devops-cli/references/running-apps.md +171 -0
- package/.agent/skills/devops-watchers/SKILL.md +103 -0
- package/.agent/skills/docker-management/SKILL.md +273 -0
- package/.agent/skills/domain-intel/SKILL.md +96 -0
- package/.agent/skills/duckduckgo-search/SKILL.md +230 -0
- package/.agent/skills/github-auth/SKILL.md +240 -0
- package/.agent/skills/github-code-review/SKILL.md +474 -0
- package/.agent/skills/github-code-review/references/review-output-template.md +74 -0
- package/.agent/skills/github-issues/SKILL.md +363 -0
- package/.agent/skills/github-issues/templates/bug-report.md +35 -0
- package/.agent/skills/github-issues/templates/feature-request.md +31 -0
- package/.agent/skills/github-pr-workflow/SKILL.md +360 -0
- package/.agent/skills/github-pr-workflow/references/ci-troubleshooting.md +183 -0
- package/.agent/skills/github-pr-workflow/references/conventional-commits.md +71 -0
- package/.agent/skills/github-pr-workflow/templates/pr-body-bugfix.md +35 -0
- package/.agent/skills/github-pr-workflow/templates/pr-body-feature.md +33 -0
- package/.agent/skills/github-repo-management/SKILL.md +509 -0
- package/.agent/skills/github-repo-management/references/github-api-cheatsheet.md +161 -0
- package/.agent/skills/godmode/SKILL.md +396 -0
- package/.agent/skills/godmode/references/jailbreak-templates.md +128 -0
- package/.agent/skills/godmode/references/refusal-detection.md +142 -0
- package/.agent/skills/hyperframes/SKILL.md +182 -0
- package/.agent/skills/hyperframes/references/cli.md +185 -0
- package/.agent/skills/hyperframes/references/composition.md +129 -0
- package/.agent/skills/hyperframes/references/features.md +289 -0
- package/.agent/skills/hyperframes/references/gsap.md +136 -0
- package/.agent/skills/hyperframes/references/troubleshooting.md +137 -0
- package/.agent/skills/hyperframes/references/website-to-video.md +145 -0
- package/.agent/skills/jupyter-live-kernel/SKILL.md +160 -0
- package/.agent/skills/kanban-orchestrator/SKILL.md +209 -0
- package/.agent/skills/kanban-worker/SKILL.md +188 -0
- package/.agent/skills/llm-wiki/SKILL.md +499 -0
- package/.agent/skills/meme-generation/SKILL.md +122 -0
- package/.agent/skills/node-inspect-debugger/SKILL.md +312 -0
- package/.agent/skills/obsidian/SKILL.md +60 -0
- package/.agent/skills/osint-investigation/SKILL.md +269 -0
- package/.agent/skills/osint-investigation/templates/source-template.md +59 -0
- package/.agent/skills/oss-forensics/SKILL.md +422 -0
- package/.agent/skills/oss-forensics/references/evidence-types.md +89 -0
- package/.agent/skills/oss-forensics/references/github-archive-guide.md +184 -0
- package/.agent/skills/oss-forensics/references/investigation-templates.md +131 -0
- package/.agent/skills/oss-forensics/references/recovery-techniques.md +164 -0
- package/.agent/skills/oss-forensics/templates/forensic-report.md +151 -0
- package/.agent/skills/oss-forensics/templates/malicious-package-report.md +43 -0
- package/.agent/skills/parallel-cli/SKILL.md +384 -0
- package/.agent/skills/pinggy-tunnel/SKILL.md +302 -0
- package/.agent/skills/pixel-art/SKILL.md +209 -0
- package/.agent/skills/pixel-art/references/palettes.md +49 -0
- package/.agent/skills/plan/SKILL.md +331 -0
- package/.agent/skills/polymarket/SKILL.md +75 -0
- package/.agent/skills/polymarket/references/api-endpoints.md +220 -0
- package/.agent/skills/python-debugpy/SKILL.md +368 -0
- package/.agent/skills/requesting-code-review/SKILL.md +273 -0
- package/.agent/skills/research-paper-writing/SKILL.md +2367 -0
- package/.agent/skills/research-paper-writing/references/autoreason-methodology.md +394 -0
- package/.agent/skills/research-paper-writing/references/checklists.md +434 -0
- package/.agent/skills/research-paper-writing/references/citation-workflow.md +563 -0
- package/.agent/skills/research-paper-writing/references/experiment-patterns.md +728 -0
- package/.agent/skills/research-paper-writing/references/human-evaluation.md +476 -0
- package/.agent/skills/research-paper-writing/references/paper-types.md +481 -0
- package/.agent/skills/research-paper-writing/references/reviewer-guidelines.md +433 -0
- package/.agent/skills/research-paper-writing/references/sources.md +191 -0
- package/.agent/skills/research-paper-writing/references/writing-guide.md +474 -0
- package/.agent/skills/research-paper-writing/templates/README.md +251 -0
- package/.agent/skills/rest-graphql-debug/SKILL.md +507 -0
- package/.agent/skills/s6-container-supervision/SKILL.md +171 -0
- package/.agent/skills/scrapling/SKILL.md +328 -0
- package/.agent/skills/sherlock/SKILL.md +186 -0
- package/.agent/skills/simplify-code/SKILL.md +168 -0
- package/.agent/skills/skill-authoring/SKILL.md +158 -0
- package/.agent/skills/spike/SKILL.md +190 -0
- package/.agent/skills/subagent-driven-development/SKILL.md +345 -0
- package/.agent/skills/subagent-driven-development/references/context-budget-discipline.md +53 -0
- package/.agent/skills/subagent-driven-development/references/gates-taxonomy.md +93 -0
- package/.agent/skills/systematic-debugging/SKILL.md +360 -0
- package/.agent/skills/test-driven-development/SKILL.md +336 -0
- package/.agent/skills/video-orchestrator/SKILL.md +194 -0
- package/.agent/skills/video-orchestrator/references/examples.md +227 -0
- package/.agent/skills/video-orchestrator/references/intake.md +166 -0
- package/.agent/skills/video-orchestrator/references/kanban-setup.md +278 -0
- package/.agent/skills/video-orchestrator/references/monitoring.md +180 -0
- package/.agent/skills/video-orchestrator/references/role-archetypes.md +298 -0
- package/.agent/skills/video-orchestrator/references/tool-matrix.md +317 -0
- package/.agent/skills/web-pentest/SKILL.md +332 -0
- package/.agent/skills/web-pentest/references/bypass-techniques.md +133 -0
- package/.agent/skills/web-pentest/references/exploitation-techniques.md +204 -0
- package/.agent/skills/web-pentest/references/scope-enforcement.md +110 -0
- package/.agent/skills/web-pentest/references/vuln-taxonomy.md +81 -0
- package/.agent/skills/web-pentest/templates/authorization.md +69 -0
- package/.agent/skills/web-pentest/templates/pentest-report.md +178 -0
- package/.claude/commands/mindforge/skill-tdd.md +53 -0
- package/.claude/commands/mindforge/skills-index.md +118 -0
- package/.claude/commands/mindforge/systematic-debug.md +60 -0
- package/.mindforge/config.json +2 -2
- package/.mindforge/memory/sync-manifest.json +1 -1
- package/.mindforge/skills/arxiv/SKILL.md +294 -0
- package/.mindforge/skills/blogwatcher/SKILL.md +147 -0
- package/.mindforge/skills/code-wiki/SKILL.md +457 -0
- package/.mindforge/skills/codebase-inspection/SKILL.md +126 -0
- package/.mindforge/skills/concept-diagrams/SKILL.md +373 -0
- package/.mindforge/skills/creative-ideation/SKILL.md +162 -0
- package/.mindforge/skills/domain-intel/SKILL.md +116 -0
- package/.mindforge/skills/duckduckgo-search/SKILL.md +249 -0
- package/.mindforge/skills/github-code-review/SKILL.md +493 -0
- package/.mindforge/skills/github-issues/SKILL.md +382 -0
- package/.mindforge/skills/github-pr-workflow/SKILL.md +379 -0
- package/.mindforge/skills/jupyter-live-kernel/SKILL.md +179 -0
- package/.mindforge/skills/kanban-orchestrator/SKILL.md +227 -0
- package/.mindforge/skills/kanban-worker/SKILL.md +206 -0
- package/.mindforge/skills/meme-generation/SKILL.md +141 -0
- package/.mindforge/skills/obsidian/SKILL.md +80 -0
- package/.mindforge/skills/osint-investigation/SKILL.md +288 -0
- package/.mindforge/skills/oss-forensics/SKILL.md +421 -0
- package/.mindforge/skills/pixel-art/SKILL.md +228 -0
- package/.mindforge/skills/plan/SKILL.md +350 -0
- package/.mindforge/skills/requesting-code-review/SKILL.md +292 -0
- package/.mindforge/skills/research-paper-writing/SKILL.md +2384 -0
- package/.mindforge/skills/scrapling/SKILL.md +345 -0
- package/.mindforge/skills/sherlock/SKILL.md +203 -0
- package/.mindforge/skills/simplify-code/SKILL.md +187 -0
- package/.mindforge/skills/spike/SKILL.md +209 -0
- package/.mindforge/skills/subagent-driven-development/SKILL.md +364 -0
- package/.mindforge/skills/systematic-debugging/SKILL.md +379 -0
- package/.mindforge/skills/test-driven-development/SKILL.md +355 -0
- package/.mindforge/skills/web-pentest/SKILL.md +327 -0
- package/CHANGELOG.md +88 -0
- package/MINDFORGE.md +3 -3
- package/README.md +38 -3
- package/RELEASENOTES.md +100 -0
- package/bin/dashboard/api-router.js +10 -1
- package/bin/governance/approve.js +5 -1
- package/bin/memory/federated-sync.js +11 -2
- package/bin/memory/knowledge-capture.js +10 -1
- package/bin/memory/pillar-health-tracker.js +9 -1
- package/bin/review/ads-engine.js +2 -2
- package/bin/security/trust-boundaries.js +5 -0
- package/docs/getting-started.md +42 -5
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,93 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## [11.6.0] - 2026-06-17 — Skill Forge
|
|
4
|
+
|
|
5
|
+
Largest single skill expansion in MindForge's history. Adds 80 community-sourced skills across 8 engineering domains with zero external attribution in any committed file. 30 skills are promoted to the engine tier for automatic trigger-matching; 50 live in the extended tier for explicit activation. Three new slash commands complete the discovery surface.
|
|
6
|
+
|
|
7
|
+
### Added
|
|
8
|
+
|
|
9
|
+
- **Engine-tier skills (auto-trigger, `.mindforge/skills/`)** — 30 new skills activated automatically when task description matches trigger phrases:
|
|
10
|
+
- *Software development:* `systematic-debugging` (4-phase root-cause methodology), `test-driven-development` (RED-GREEN-REFACTOR), `plan` (implementation planning), `simplify-code`, `requesting-code-review`, `spike`, `subagent-driven-development`, `code-wiki`
|
|
11
|
+
- *DevOps & orchestration:* `kanban-orchestrator`, `kanban-worker` (multi-agent task routing)
|
|
12
|
+
- *GitHub workflows:* `github-code-review`, `github-pr-workflow`, `github-issues`, `codebase-inspection`
|
|
13
|
+
- *Research & intelligence:* `research-paper-writing`, `arxiv`, `osint-investigation`, `domain-intel`, `duckduckgo-search`, `scrapling`, `blogwatcher`
|
|
14
|
+
- *Creative:* `concept-diagrams` (SVG educational visuals), `creative-ideation`, `pixel-art`, `meme-generation`
|
|
15
|
+
- *Security:* `web-pentest` (authorized penetration testing), `oss-forensics`, `sherlock`
|
|
16
|
+
- *Data-science & note-taking:* `jupyter-live-kernel`, `obsidian`
|
|
17
|
+
|
|
18
|
+
- **Extended-tier skills (explicit activation, `.agent/skills/`)** — 20 additional skills beyond the promoted 30:
|
|
19
|
+
- *Software development:* `node-inspect-debugger`, `python-debugpy`, `skill-authoring`, `rest-graphql-debug`
|
|
20
|
+
- *GitHub:* `github-auth`, `github-repo-management`
|
|
21
|
+
- *DevOps:* `docker-management`, `devops-cli`, `devops-watchers`, `pinggy-tunnel`, `s6-container-supervision`
|
|
22
|
+
- *Research:* `llm-wiki`, `polymarket`, `parallel-cli`
|
|
23
|
+
- *Security:* `godmode`, `1password-skill`
|
|
24
|
+
- *Creative:* `hyperframes`, `article-illustrator`, `comic-creator`, `video-orchestrator`
|
|
25
|
+
|
|
26
|
+
- **3 new slash commands:**
|
|
27
|
+
- `/mindforge:systematic-debug` — 4-phase root-cause debugging (no fixes without RCA)
|
|
28
|
+
- `/mindforge:skill-tdd` — strict RED-GREEN-REFACTOR TDD enforcement
|
|
29
|
+
- `/mindforge:skills-index` — browseable catalog of all 153 skills grouped by category
|
|
30
|
+
|
|
31
|
+
### Changed
|
|
32
|
+
|
|
33
|
+
- `tests/install.test.js` — added `hermes-agent` to secret-scanner skip list (gitignored donor directory)
|
|
34
|
+
- `CLAUDE.md` — new **Extended Skill Library** section documents both skill tiers, trigger mechanics, and bulk import pattern
|
|
35
|
+
|
|
36
|
+
### Skill counts
|
|
37
|
+
|
|
38
|
+
| Tier | Before | After |
|
|
39
|
+
|---|---|---|
|
|
40
|
+
| Engine tier (`.mindforge/skills/`) | 202 | 232 |
|
|
41
|
+
| Extended tier (`.agent/skills/`) | 73 | 123 |
|
|
42
|
+
| Slash commands | 174 | 177 |
|
|
43
|
+
|
|
44
|
+
---
|
|
45
|
+
|
|
46
|
+
## [11.5.1] - 2026-06-11 — Robustness + governance-gate patch (Wave 8)
|
|
47
|
+
|
|
48
|
+
A fast-follow patch from a fresh adversarial audit of the shipped v11.5.0 tree.
|
|
49
|
+
Hardens crash-prone JSON parsing in the autonomous/memory pipelines, closes a
|
|
50
|
+
CI governance-gate gap, and tightens two security surfaces. No new features.
|
|
51
|
+
|
|
52
|
+
### Fixed
|
|
53
|
+
|
|
54
|
+
- **Crash-proof AUDIT.jsonl parsing** (`bin/memory/pillar-health-tracker.js`) —
|
|
55
|
+
`summarizePhase()` parsed every audit line with an unguarded `JSON.parse`, so a
|
|
56
|
+
single malformed/torn line crashed the knowledge-capture pipeline. Now parses
|
|
57
|
+
per-line in try/catch and skips bad lines.
|
|
58
|
+
- **Crash-proof compaction capture** (`bin/memory/knowledge-capture.js`) — a
|
|
59
|
+
malformed `handoff.json` no longer throws out of `captureFromCompaction()`; it
|
|
60
|
+
logs and returns `[]`, mirroring the missing-file path.
|
|
61
|
+
- **Resilient federated-sync stats** (`bin/memory/federated-sync.js`) — the two
|
|
62
|
+
unguarded `JSON.parse` calls on `sync-stats.json` (`handleSyncFailure`,
|
|
63
|
+
`resetFailures`) now fall back to `{failures:0}` on corruption, matching the
|
|
64
|
+
sibling `getLastSyncTimestamp` pattern.
|
|
65
|
+
|
|
66
|
+
### Security
|
|
67
|
+
|
|
68
|
+
- **CI Tier-3 governance gate now validates content** (`.github/workflows/control-plane.yml`)
|
|
69
|
+
— the gate counted approval files but never checked them; it now requires at
|
|
70
|
+
least one approval with `identity_verification.verified === true` and a
|
|
71
|
+
signature, and rejects any unverified/empty file. Completes the Wave-6
|
|
72
|
+
fail-closed `approve.js` work (a hand-committed empty approval no longer passes).
|
|
73
|
+
- **Dashboard approval attribution** (`bin/dashboard/api-router.js`) —
|
|
74
|
+
`POST /api/approve/:id` no longer records the client-supplied `approver`
|
|
75
|
+
(forgeable audit identity); it attributes the action to a fixed authenticated
|
|
76
|
+
actor. The dashboard remains localhost-bound + token-gated.
|
|
77
|
+
- **Destructive-command detector blocks Unix `truncate`** (`bin/security/trust-boundaries.js`)
|
|
78
|
+
— the SQL-only `truncate table` pattern missed `truncate -s 0 <path>` (in-place
|
|
79
|
+
file zeroing). Added a size-flag pattern so it is gated; benign uses stay allowed.
|
|
80
|
+
- **CI Tier-3 gate accepts an explicitly-acknowledged unverified approval**
|
|
81
|
+
(`.github/workflows/control-plane.yml`, `bin/governance/approve.js`) — since this
|
|
82
|
+
repo has no GPG signing infra, the gate accepts an approval that is either
|
|
83
|
+
GPG-verified OR an opted-in `unverified_ack` record (`approve.js` under
|
|
84
|
+
`MINDFORGE_ALLOW_UNVERIFIED_APPROVAL=1`), while still rejecting bare/stale
|
|
85
|
+
`verified:false` files. Replaced the stale v11.4.0 approval with a fresh one.
|
|
86
|
+
- **`uuid` dependency removed from `ads-engine`** (`bin/review/ads-engine.js`) — it
|
|
87
|
+
required the uninstalled `uuid` package, making `ads-engine` and (transitively)
|
|
88
|
+
`federated-sync` un-loadable in a clean install. Swapped to the built-in
|
|
89
|
+
`crypto.randomUUID()` (zero-native-deps); both modules now load.
|
|
90
|
+
|
|
3
91
|
## [11.5.0] - 2026-06-11 — Governance hardening + autonomous-engine repair (Waves 4–7)
|
|
4
92
|
|
|
5
93
|
This release bundles four waves of work: orchestration primitives, an **inert** manifest
|
package/MINDFORGE.md
CHANGED
|
@@ -1,12 +1,12 @@
|
|
|
1
|
-
# MINDFORGE.md — Parameter Registry (v11.5.
|
|
1
|
+
# MINDFORGE.md — Parameter Registry (v11.5.1)
|
|
2
2
|
|
|
3
3
|
## 1. IDENTITY & VERSIONING
|
|
4
4
|
|
|
5
5
|
[NAME] = MindForge
|
|
6
|
-
[VERSION] = 11.
|
|
6
|
+
[VERSION] = 11.6.0
|
|
7
7
|
[STABLE] = true
|
|
8
8
|
[MODE] = "Platform Sovereign"
|
|
9
|
-
[REQUIRED_CORE_VERSION] = 11.
|
|
9
|
+
[REQUIRED_CORE_VERSION] = 11.6.0
|
|
10
10
|
[SOVEREIGN_IDENTITY] = true
|
|
11
11
|
[SRE_LAYER_ENABLED] = true
|
|
12
12
|
|
package/README.md
CHANGED
|
@@ -4,9 +4,11 @@
|
|
|
4
4
|
|
|
5
5
|
---
|
|
6
6
|
|
|
7
|
-
## Latest: v11.
|
|
7
|
+
## Latest: v11.6.0
|
|
8
8
|
|
|
9
|
-
- **v11.
|
|
9
|
+
- **v11.6.0 — "Skill Forge".** Adds 80 community-sourced skills across 8 domains (software-development, github, devops, research, security, creative, data-science, note-taking) — 30 promoted to engine tier for automatic trigger-matching, 50 in the extended tier for explicit activation. Three new slash commands: `/mindforge:systematic-debug`, `/mindforge:skill-tdd`, `/mindforge:skills-index`. Total: 153 skills, 232 engine-tier entries, 177 commands.
|
|
10
|
+
- **v11.5.1 — Standalone MCP server.** The MindForge MCP server now ships as its own npm package, `mindforge-mcp-server@11.5.1`, listed on the official MCP Registry as `io.github.sairam0424/mindforge`. Add it to Claude Code with one command (see [Use the MCP server](#-use-the-mcp-server-standalone)); it exposes 7 tools over stdio (6 read-only + 1 guarded write).
|
|
11
|
+
- **v11.3.1 — Packaging hotfix.** Restores the full published payload: every `npx mindforge-cc` install now delivers all 177 slash commands, 153 skills, 154 subagents, and the complete `.mindforge/` framework.
|
|
10
12
|
- **v11.3.0 — "Legion".** Imports 154 specialized Claude-Code-native subagents across 10 categories into `.claude/agents/`, fully rebranded and collision-safe. Additive and backward-compatible.
|
|
11
13
|
|
|
12
14
|
See [CHANGELOG.md](./CHANGELOG.md) for full release history.
|
|
@@ -22,7 +24,7 @@ MindForge v11.0.0 "Sovereign Stability" is a production-hardening release focuse
|
|
|
22
24
|
- **Production observability** — `/api/v1/system` health endpoint, P95 latency tracking, heap health monitoring, and real EIS client with retry logic.
|
|
23
25
|
- **Graduated intelligence** — Adaptive tier escalation (+1/+2/MAX) with cost-awareness, 3-tier stuck detection, and adaptive context windows.
|
|
24
26
|
|
|
25
|
-
This release ships 211 personas,
|
|
27
|
+
This release ships 211 personas, 153 skills, 154 specialized subagents, 177 commands, 18 pillars, and 49 swarm templates across 12 engineering domains.
|
|
26
28
|
|
|
27
29
|
|
|
28
30
|
## Installation & Setup
|
|
@@ -74,6 +76,29 @@ npx mindforge-cc@latest --claude --local
|
|
|
74
76
|
npx mindforge-cc@latest --antigravity --local
|
|
75
77
|
```
|
|
76
78
|
|
|
79
|
+
### 🔗 Use the MCP server (standalone)
|
|
80
|
+
|
|
81
|
+
The MindForge MCP server is published as its own npm package,
|
|
82
|
+
**`mindforge-mcp-server`** (`11.5.1`), and is listed on the official
|
|
83
|
+
[MCP Registry](https://registry.modelcontextprotocol.io) as
|
|
84
|
+
`io.github.sairam0424/mindforge`. Wire it into Claude Code with one command:
|
|
85
|
+
|
|
86
|
+
```bash
|
|
87
|
+
claude mcp add mindforge -- npx -y mindforge-mcp-server
|
|
88
|
+
```
|
|
89
|
+
|
|
90
|
+
It exposes **7 tools over stdio** — 6 read-only plus 1 guarded write:
|
|
91
|
+
|
|
92
|
+
| Tool | Purpose |
|
|
93
|
+
| :--- | :--- |
|
|
94
|
+
| `mindforge_health` | Framework health check |
|
|
95
|
+
| `mindforge_status` | Project status snapshot |
|
|
96
|
+
| `mindforge_memory_query` | Query the knowledge graph |
|
|
97
|
+
| `mindforge_memory_stats` | Knowledge graph statistics |
|
|
98
|
+
| `mindforge_memory_find_related` | Find related knowledge entries |
|
|
99
|
+
| `mindforge_audit_log` | Read the append-only audit trail |
|
|
100
|
+
| `mindforge_memory_remember` | Persist a memory (guarded write) |
|
|
101
|
+
|
|
77
102
|
---
|
|
78
103
|
|
|
79
104
|
- **Production Hardening (v11.0.0)** — LRU caches, atomic JSON writes, log rotation, HANDOFF validation, and temporal snapshot GC for crash-safe long-running sessions.
|
|
@@ -357,6 +382,16 @@ See `.mindforge/production/token-optimiser.md`.
|
|
|
357
382
|
|
|
358
383
|
## 📜 Framework Evolution & Version History
|
|
359
384
|
|
|
385
|
+
<details>
|
|
386
|
+
<summary><b>v11.6.0 — Skill Forge (Core + Dev Skill Pack)</b></summary>
|
|
387
|
+
|
|
388
|
+
- **80 new skills** across 8 domains: software-development, GitHub workflows, DevOps orchestration, research intelligence, security, creative tooling, data-science, and note-taking.
|
|
389
|
+
- **Engine tier (auto-trigger):** 30 skills in `.mindforge/skills/` activated automatically by trigger-phrase matching — systematic debugging, TDD, kanban orchestration, OSINT investigation, web pentesting, concept diagram generation, research paper writing, and more.
|
|
390
|
+
- **Extended tier (explicit):** 50 skills in `.agent/skills/` covering GitHub auth, docker management, DevOps watchers, 1Password, debuggers, pixel art, video orchestration, and more.
|
|
391
|
+
- **3 new slash commands:** `/mindforge:systematic-debug` (4-phase RCA), `/mindforge:skill-tdd` (RED-GREEN-REFACTOR), `/mindforge:skills-index` (browseable skill catalog).
|
|
392
|
+
- All skills cleanly integrated — zero external attribution in any committed file.
|
|
393
|
+
</details>
|
|
394
|
+
|
|
360
395
|
<details>
|
|
361
396
|
<summary><b>v11.0.0 — Sovereign Stability (Production Hardening)</b></summary>
|
|
362
397
|
|
package/RELEASENOTES.md
CHANGED
|
@@ -1,5 +1,105 @@
|
|
|
1
1
|
# Release Notes
|
|
2
2
|
|
|
3
|
+
## v11.6.0 — Skill Forge
|
|
4
|
+
|
|
5
|
+
**Release Date**: 2026-06-17
|
|
6
|
+
**Type**: Minor — additive skill pack expansion, no breaking changes
|
|
7
|
+
**Upgrade Path**: `npx mindforge-cc@latest`
|
|
8
|
+
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
Largest single skill expansion in MindForge history. 80 new skills across 8 engineering domains — software development, GitHub workflows, DevOps orchestration, research intelligence, security, creative tooling, data-science, and note-taking. Zero breaking changes; fully backward-compatible.
|
|
12
|
+
|
|
13
|
+
### Engine-tier skills (auto-trigger)
|
|
14
|
+
|
|
15
|
+
30 skills in `.mindforge/skills/` now activate automatically when your task description matches their trigger phrases — no explicit invocation needed:
|
|
16
|
+
|
|
17
|
+
- **Systematic debugging** — 4-phase root-cause methodology. The iron rule: no fix without a root cause investigation first.
|
|
18
|
+
- **Test-driven development** — RED-GREEN-REFACTOR enforcement. Write the failing test first, always.
|
|
19
|
+
- **Plan mode** — implementation planning before coding. Saves the plan to a markdown file.
|
|
20
|
+
- **Kanban orchestration** — `kanban-orchestrator` decomposes work and routes to specialist agents; `kanban-worker` executes individual cards.
|
|
21
|
+
- **GitHub workflows** — PR review, PR lifecycle, issue management, codebase inspection.
|
|
22
|
+
- **OSINT investigation** — public-records cross-reference across SEC, OFAC, OpenCorporates, court records, Wayback Machine.
|
|
23
|
+
- **Web pentesting** — authorized web application penetration testing with hard scope guardrails.
|
|
24
|
+
- **Concept diagrams** — flat, minimal SVG educational diagrams with automatic dark mode.
|
|
25
|
+
- **Research paper writing** — academic paper authoring with citation workflow and reviewer guidelines.
|
|
26
|
+
- And 21 more across research, creative, security, data-science, and note-taking domains.
|
|
27
|
+
|
|
28
|
+
### Extended-tier skills (explicit activation)
|
|
29
|
+
|
|
30
|
+
50 skills in `.agent/skills/` for on-demand use: GitHub auth, docker management, DevOps watchers, 1Password CLI integration, debuggers (Node inspect, Python debugpy), creative tools (pixel art, video orchestration, comic creation), research tools (LLM wiki, polymarket, parallel CLI), and more.
|
|
31
|
+
|
|
32
|
+
### New slash commands
|
|
33
|
+
|
|
34
|
+
| Command | Purpose |
|
|
35
|
+
|---|---|
|
|
36
|
+
| `/mindforge:systematic-debug` | 4-phase root-cause debugging session |
|
|
37
|
+
| `/mindforge:skill-tdd` | Strict TDD RED-GREEN-REFACTOR cycle |
|
|
38
|
+
| `/mindforge:skills-index` | Browse all 153 skills by category |
|
|
39
|
+
|
|
40
|
+
### Skill counts
|
|
41
|
+
|
|
42
|
+
| Tier | Before | After |
|
|
43
|
+
|---|---|---|
|
|
44
|
+
| Engine tier (`.mindforge/skills/`) | 202 | 232 |
|
|
45
|
+
| Extended tier (`.agent/skills/`) | 73 | 123 |
|
|
46
|
+
| Slash commands | 174 | 177 |
|
|
47
|
+
|
|
48
|
+
### Upgrade
|
|
49
|
+
|
|
50
|
+
```bash
|
|
51
|
+
npx mindforge-cc@latest --claude --global
|
|
52
|
+
```
|
|
53
|
+
|
|
54
|
+
No migration steps required. All new skills are additive.
|
|
55
|
+
|
|
56
|
+
---
|
|
57
|
+
|
|
58
|
+
## v11.5.1 — Robustness + governance-gate patch
|
|
59
|
+
|
|
60
|
+
**Release Date**: 2026-06-11
|
|
61
|
+
**Type**: Patch (no API changes; one CI-gate behavior change)
|
|
62
|
+
**Upgrade Path**: `npx mindforge-cc@latest`
|
|
63
|
+
|
|
64
|
+
A fast-follow patch driven by a fresh adversarial audit of the shipped v11.5.0
|
|
65
|
+
tree. It hardens crash-prone JSON parsing in the autonomous/memory pipelines,
|
|
66
|
+
closes a governance-gate gap left by the v11.5.0 approval work, and tightens two
|
|
67
|
+
security surfaces. No features, no API changes.
|
|
68
|
+
|
|
69
|
+
### Robustness — no more crashes on a torn JSONL line
|
|
70
|
+
|
|
71
|
+
Three pipelines parsed JSON without guards, so one malformed/partially-written
|
|
72
|
+
line could crash them:
|
|
73
|
+
|
|
74
|
+
- `summarizePhase()` (pillar-health) parsed every `AUDIT.jsonl` line unguarded —
|
|
75
|
+
it now skips bad lines and keeps the valid ones.
|
|
76
|
+
- `captureFromCompaction()` (knowledge-capture) now returns `[]` on a malformed
|
|
77
|
+
`handoff.json` instead of throwing.
|
|
78
|
+
- `federated-sync` now tolerates a corrupted `sync-stats.json` in both
|
|
79
|
+
`handleSyncFailure` and `resetFailures` (falls back to `{failures:0}`).
|
|
80
|
+
|
|
81
|
+
### Security & governance
|
|
82
|
+
|
|
83
|
+
- **The CI Tier-3 gate now actually validates approvals.** Previously it only
|
|
84
|
+
counted approval files; a hand-committed empty file would pass. It now requires
|
|
85
|
+
each approval to carry a signature and be EITHER GPG-verified
|
|
86
|
+
(`verified: true`) OR an explicitly opted-in unverified approval
|
|
87
|
+
(`unverified_ack`, minted by `approve.js` under
|
|
88
|
+
`MINDFORGE_ALLOW_UNVERIFIED_APPROVAL=1` for repos without GPG infra). Bare or
|
|
89
|
+
stale `verified:false` files are still rejected — completing the v11.5.0
|
|
90
|
+
fail-closed `approve.js` work.
|
|
91
|
+
- **Dashboard approvals can't forge an identity.** `POST /api/approve/:id` no
|
|
92
|
+
longer records a client-supplied `approver` into the audit trail; it attributes
|
|
93
|
+
the action to a fixed authenticated actor. (The dashboard is already
|
|
94
|
+
localhost-bound and Bearer-token gated, so this is attribution hardening.)
|
|
95
|
+
- **The destructive-command guard now blocks Unix `truncate -s`.** In-place file
|
|
96
|
+
zeroing (`truncate -s 0 <path>`) was missed by the SQL-only pattern; it is now
|
|
97
|
+
gated, with benign uses unaffected.
|
|
98
|
+
- **A shipped module that couldn't load is fixed.** `bin/review/ads-engine.js`
|
|
99
|
+
required the uninstalled `uuid` package — so it (and the `federated-sync` that
|
|
100
|
+
imports it) threw on load in a clean install. Swapped to the built-in
|
|
101
|
+
`crypto.randomUUID()`; no new dependency.
|
|
102
|
+
|
|
3
103
|
## v11.5.0 — Governance hardening + autonomous-engine repair
|
|
4
104
|
|
|
5
105
|
**Release Date**: 2026-06-11
|
|
@@ -75,12 +75,21 @@ function register(app) {
|
|
|
75
75
|
app.post('/api/approve/:id', (req, res) => {
|
|
76
76
|
try {
|
|
77
77
|
const { id } = req.params;
|
|
78
|
-
const { decision, comment
|
|
78
|
+
const { decision, comment } = req.body || {};
|
|
79
79
|
|
|
80
80
|
if (!decision) {
|
|
81
81
|
return res.status(400).json({ error: 'Missing "decision" field (approve|reject)' });
|
|
82
82
|
}
|
|
83
83
|
|
|
84
|
+
// SECURITY (v11.5.1): do NOT trust a client-supplied `approver` for the
|
|
85
|
+
// recorded identity — it is forgeable and would let any caller write a
|
|
86
|
+
// false approval audit trail (e.g. resolved_by: 'admin'). requireAuth
|
|
87
|
+
// (server.js) proves the caller holds the owner-only dashboard token but
|
|
88
|
+
// exposes no named principal, so we attribute the action to a FIXED
|
|
89
|
+
// trusted actor. (A future RBAC pass can map a Bearer token -> DID and
|
|
90
|
+
// record the real principal; until then, never echo req.body.approver.)
|
|
91
|
+
const approver = 'dashboard-authenticated';
|
|
92
|
+
|
|
84
93
|
const result = Approval.processDecision(id, decision, comment, approver);
|
|
85
94
|
|
|
86
95
|
if (!result.success) {
|
|
@@ -59,7 +59,11 @@ function verifyApproverIdentity(approver) {
|
|
|
59
59
|
}
|
|
60
60
|
console.warn('[GOVERNANCE] No GPG key — minting an UNVERIFIED approval (MINDFORGE_ALLOW_UNVERIFIED_APPROVAL=1). ' +
|
|
61
61
|
'git identity is spoofable; this approval is NOT cryptographically attributed.');
|
|
62
|
-
|
|
62
|
+
// unverified_ack=true is the EXPLICIT, audited override the CI Tier-3 gate
|
|
63
|
+
// looks for. A bare verified:false record WITHOUT this marker (e.g. a stale
|
|
64
|
+
// pre-fail-closed file or a hand-forged empty one) is still rejected by the
|
|
65
|
+
// gate — only a deliberately opted-in unverified approval is accepted.
|
|
66
|
+
return { verified: false, method: 'git_identity_unverified', identity: approver, unverified_ack: true };
|
|
63
67
|
}
|
|
64
68
|
|
|
65
69
|
return { verified: true, method: 'gpg_key', identity: approver, keyId: gpgKey };
|
|
@@ -58,7 +58,11 @@ class FederatedSync {
|
|
|
58
58
|
const statsPath = path.join(this.localStore.getPaths().MEMORY_DIR, 'sync-stats.json');
|
|
59
59
|
let stats = { failures: 0 };
|
|
60
60
|
if (fs.existsSync(statsPath)) {
|
|
61
|
-
|
|
61
|
+
try {
|
|
62
|
+
stats = JSON.parse(fs.readFileSync(statsPath, 'utf8'));
|
|
63
|
+
} catch {
|
|
64
|
+
stats = { failures: 0 };
|
|
65
|
+
}
|
|
62
66
|
}
|
|
63
67
|
stats.failures = (stats.failures || 0) + 1;
|
|
64
68
|
stats.last_error = err.message;
|
|
@@ -122,7 +126,12 @@ class FederatedSync {
|
|
|
122
126
|
resetFailures() {
|
|
123
127
|
const statsPath = path.join(this.localStore.getPaths().MEMORY_DIR, 'sync-stats.json');
|
|
124
128
|
if (fs.existsSync(statsPath)) {
|
|
125
|
-
|
|
129
|
+
let stats = { failures: 0 };
|
|
130
|
+
try {
|
|
131
|
+
stats = JSON.parse(fs.readFileSync(statsPath, 'utf8'));
|
|
132
|
+
} catch {
|
|
133
|
+
stats = { failures: 0 };
|
|
134
|
+
}
|
|
126
135
|
stats.failures = 0;
|
|
127
136
|
fs.writeFileSync(statsPath, JSON.stringify(stats, null, 2));
|
|
128
137
|
}
|
|
@@ -238,7 +238,16 @@ function captureFromPhaseCompletion(phaseNum) {
|
|
|
238
238
|
function captureFromCompaction(handoffPath) {
|
|
239
239
|
if (!fs.existsSync(handoffPath)) return [];
|
|
240
240
|
|
|
241
|
-
|
|
241
|
+
let handoff;
|
|
242
|
+
try {
|
|
243
|
+
handoff = JSON.parse(fs.readFileSync(handoffPath, 'utf8'));
|
|
244
|
+
} catch (err) {
|
|
245
|
+
// Malformed handoff.json must not crash the capture pipeline — mirror the
|
|
246
|
+
// missing-file path and return [] after logging the parse failure.
|
|
247
|
+
console.error(`[knowledge-capture] Failed to parse handoff file ${handoffPath}: ${err.message}`);
|
|
248
|
+
return [];
|
|
249
|
+
}
|
|
250
|
+
|
|
242
251
|
const items = handoff.implicit_knowledge || [];
|
|
243
252
|
const project = getProjectName();
|
|
244
253
|
const captured = [];
|
|
@@ -18,7 +18,15 @@ class PillarHealthTracker {
|
|
|
18
18
|
if (!fs.existsSync(auditPath)) return null;
|
|
19
19
|
|
|
20
20
|
const lines = fs.readFileSync(auditPath, 'utf8').trim().split('\n');
|
|
21
|
-
const events = lines
|
|
21
|
+
const events = lines
|
|
22
|
+
.map(l => {
|
|
23
|
+
try {
|
|
24
|
+
return JSON.parse(l);
|
|
25
|
+
} catch {
|
|
26
|
+
return null; // Skip malformed lines rather than crashing the pipeline.
|
|
27
|
+
}
|
|
28
|
+
})
|
|
29
|
+
.filter(Boolean);
|
|
22
30
|
|
|
23
31
|
// 1. RSA (Mission Fidelity) Analysis
|
|
24
32
|
const rsaEvents = events.filter(e => e.type === 'mission_fidelity' || e.event === 'scs_homing_injected');
|
package/bin/review/ads-engine.js
CHANGED
|
@@ -8,7 +8,7 @@ const fs = require('fs');
|
|
|
8
8
|
const path = require('path');
|
|
9
9
|
const ModelClient = require('../models/model-client');
|
|
10
10
|
const { calculateSoulScore, parseMetrics, synthesizeADSPlan } = require('./ads-synthesizer');
|
|
11
|
-
const
|
|
11
|
+
const crypto = require('crypto');
|
|
12
12
|
|
|
13
13
|
async function runADSSynthesis(params) {
|
|
14
14
|
const {
|
|
@@ -89,7 +89,7 @@ Finalize the PLAN.md. Include the [ADS_VERDICT]: [MERGED|BLUE|RED] (Score: X.XXX
|
|
|
89
89
|
process.stdout.write('done.\n');
|
|
90
90
|
|
|
91
91
|
// Finalize outputs
|
|
92
|
-
const adsUuid =
|
|
92
|
+
const adsUuid = crypto.randomUUID();
|
|
93
93
|
const adrDir = path.join(process.cwd(), '.planning', 'decisions');
|
|
94
94
|
if (!fs.existsSync(adrDir)) fs.mkdirSync(adrDir, { recursive: true });
|
|
95
95
|
|
|
@@ -124,6 +124,11 @@ function isHighImpact(command) {
|
|
|
124
124
|
/git\s+reset\s+--hard/i,
|
|
125
125
|
/delete\s+from/i,
|
|
126
126
|
/truncate\s+table/i,
|
|
127
|
+
// Unix `truncate -s <size> <path>` zeroes/shrinks a file in place — a
|
|
128
|
+
// destructive data-loss op the SQL-only `truncate table` pattern above
|
|
129
|
+
// misses. Match the size flag (-s, -s0, --size) so `truncate -s 0 <path>`
|
|
130
|
+
// is gated; benign words ("truncated output") and the SQL form are not.
|
|
131
|
+
/\btruncate\s+(-{1,2}s\w*|--size)\b/i,
|
|
127
132
|
/\bmkfs(\.\w+)?\s+\/dev\//i,
|
|
128
133
|
// #11: any dd write target, not just /dev/ (dd if=... of=important.db).
|
|
129
134
|
// Original /dev/-only check is a subset of this, so it stays covered.
|
package/docs/getting-started.md
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# MindForge — Getting Started (v11.
|
|
1
|
+
# MindForge — Getting Started (v11.5.1)
|
|
2
2
|
|
|
3
3
|
This guide gets you from zero to a working MindForge project in under five minutes.
|
|
4
4
|
|
|
@@ -9,21 +9,58 @@ This guide gets you from zero to a working MindForge project in under five minut
|
|
|
9
9
|
|
|
10
10
|
## Install
|
|
11
11
|
|
|
12
|
-
MindForge
|
|
12
|
+
MindForge ships across several channels. Pick the one that matches how you work — the CLI installer is the recommended starting point.
|
|
13
|
+
|
|
14
|
+
### 1. CLI installer (recommended, via `npx`)
|
|
15
|
+
|
|
16
|
+
Zero-config setup that scaffolds the full framework:
|
|
13
17
|
|
|
14
18
|
```bash
|
|
15
19
|
# Recommended (auto-detects your runtime)
|
|
16
|
-
npx mindforge-cc
|
|
20
|
+
npx mindforge-cc@latest
|
|
17
21
|
|
|
18
22
|
# Antigravity (local development)
|
|
19
|
-
npx mindforge-cc --antigravity --local
|
|
23
|
+
npx mindforge-cc@latest --antigravity --local
|
|
20
24
|
|
|
21
25
|
# Claude Code (local, per project)
|
|
22
|
-
npx mindforge-cc --claude --local
|
|
26
|
+
npx mindforge-cc@latest --claude --local
|
|
23
27
|
```
|
|
24
28
|
|
|
25
29
|
After installation, the `mindforge` CLI command is available for runtime operations (health checks, security scans, headless execution, etc.).
|
|
26
30
|
|
|
31
|
+
### 2. Claude Code plugin (self-hosted marketplace)
|
|
32
|
+
|
|
33
|
+
Install MindForge as a Claude Code plugin from its marketplace:
|
|
34
|
+
|
|
35
|
+
```bash
|
|
36
|
+
/plugin marketplace add sairam0424/MindForge
|
|
37
|
+
/plugin install mindforge@mindforge
|
|
38
|
+
```
|
|
39
|
+
|
|
40
|
+
### 3. Standalone MCP server
|
|
41
|
+
|
|
42
|
+
Run the MindForge MCP server (`mindforge-mcp-server`) over stdio — it exposes 7 tools (6 read-only plus 1 guarded write): `mindforge_health`, `mindforge_status`, `mindforge_memory_query`, `mindforge_memory_stats`, `mindforge_memory_find_related`, `mindforge_audit_log`, and `mindforge_memory_remember`.
|
|
43
|
+
|
|
44
|
+
```bash
|
|
45
|
+
claude mcp add mindforge -- npx -y mindforge-mcp-server
|
|
46
|
+
```
|
|
47
|
+
|
|
48
|
+
This server is also published to the [MCP Registry](https://registry.modelcontextprotocol.io) as `io.github.sairam0424/mindforge` (currently `11.5.1`, marked latest).
|
|
49
|
+
|
|
50
|
+
### 4. Homebrew
|
|
51
|
+
|
|
52
|
+
```bash
|
|
53
|
+
brew install sairam0424/tap/mindforge
|
|
54
|
+
```
|
|
55
|
+
|
|
56
|
+
### SDK
|
|
57
|
+
|
|
58
|
+
To build on top of MindForge programmatically, install the TypeScript SDK:
|
|
59
|
+
|
|
60
|
+
```bash
|
|
61
|
+
npm i mindforge-sdk
|
|
62
|
+
```
|
|
63
|
+
|
|
27
64
|
## Initialise Your Project
|
|
28
65
|
|
|
29
66
|
Open your agentic runtime (Antigravity or Claude Code) in your repository and run:
|
package/package.json
CHANGED