mindforge-cc 11.8.0 → 11.8.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.agent/mindforge/wf-catalog.md +2 -3
- package/.claude/commands/mindforge/wf-catalog.md +2 -3
- package/.mindforge/config.json +2 -2
- package/.mindforge/dynamic-workflows/REGISTRY.md +1 -2
- package/.mindforge/dynamic-workflows/index.json +520 -145
- package/.mindforge/memory/sync-manifest.json +1 -1
- package/CHANGELOG.md +46 -0
- package/MINDFORGE.md +2 -2
- package/README.md +19 -4
- package/SECURITY.md +9 -0
- package/bin/autonomous/auto-runner.js +8 -2
- package/bin/autonomous/dependency-dag.js +1 -1
- package/bin/browser/session-manager.js +3 -1
- package/bin/change-classifier.js +6 -0
- package/bin/governance/ztai-manager.js +36 -9
- package/bin/installer-core.js +5 -0
- package/bin/memory/eis-client.js +6 -2
- package/bin/mindforge-cli.js +1 -1
- package/bin/review/cross-review-engine.js +19 -0
- package/bin/spawn-agent.js +11 -7
- package/bin/sre/sli-verifier.js +9 -1
- package/docs/sdk-reference.md +13 -1
- package/docs/troubleshooting.md +9 -0
- package/package.json +1 -1
- package/.agent/mindforge/wf-deep-research.md +0 -32
- package/.claude/commands/mindforge/wf-deep-research.md +0 -32
- package/.mindforge/dynamic-workflows/scripts/deep-research.js +0 -151
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,51 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## [11.8.2] — 2026-07-01 — Clean Stable Release
|
|
4
|
+
|
|
5
|
+
### Fixes
|
|
6
|
+
- `bin/installer-core.js`: Added main-guard — `health` command now produces full diagnostic output
|
|
7
|
+
- `bin/mindforge-cli.js:185`: Fixed null-status bug — signal-killed child processes now exit with code 1 instead of 0
|
|
8
|
+
- `bin/change-classifier.js`: Tier 2 branch now pushes descriptive reasons to reasons[] array
|
|
9
|
+
- `sdk/tests/sdk.test.js:30`: Replaced hardcoded version "11.8.0" with dynamic package.json read
|
|
10
|
+
- `tests/sdk-exports.test.js`: Fixed MODULE_NOT_FOUND path resolution
|
|
11
|
+
- `README.md:7`: Updated "Latest: v11.8.0" header to "Latest: v11.8.1"
|
|
12
|
+
|
|
13
|
+
### Improvements
|
|
14
|
+
- `bin/spawn-agent.js --help`: Added v1.0 stub disclosure note to usage text
|
|
15
|
+
- `bin/governance/ztai-manager.js`: Lazy-instantiate SecureEnclaveProvider — eliminates spurious Tier-3 warning on commands that do not use Tier-3 trust
|
|
16
|
+
- `bin/review/cross-review-engine.js`: Added CLI entry point with --help, --diff, --phase, --context args
|
|
17
|
+
- `tests/worktree-engine.test.js`: Added 90-second timeout override to prevent false parallel-runner timeout
|
|
18
|
+
- ESLint: Resolved auto-fixable errors, lint stage now clean
|
|
19
|
+
- Test coverage: Added tests/errors.test.js and tests/file-io.test.js to improve coverage toward 80% target
|
|
20
|
+
|
|
21
|
+
---
|
|
22
|
+
|
|
23
|
+
## [11.8.1] — 2026-07-01 — First Stable Release
|
|
24
|
+
|
|
25
|
+
### Security
|
|
26
|
+
- **mcp-server:** Patched hono to >=4.12.25 — fixes CORS credential reflection, path traversal (Windows), body-limit bypass, Set-Cookie merging, Lambda@Edge header drop
|
|
27
|
+
- **sdk:** Patched picomatch — fixes ReDoS via extglob quantifiers and Method Injection via POSIX character classes
|
|
28
|
+
- **ztai:** Added SECURITY_TIER_3_SIMULATED disclosure constant and startup warning for in-process key simulation
|
|
29
|
+
|
|
30
|
+
### Fixes
|
|
31
|
+
- `bin/sre/sli-verifier.js`: `simulateShadowWave()` now throws in non-simulate mode — gate with `MINDFORGE_SRE_SIMULATE=true`
|
|
32
|
+
- `bin/spawn-agent.js`: spawn stub now exits 1 with actionable error instead of silently succeeding
|
|
33
|
+
- `bin/memory/eis-client.js`: `resolveRemoteNode()` now throws explicitly instead of returning null
|
|
34
|
+
- `bin/browser/session-manager.js`: added `capabilities.importFromBrowser=false` export
|
|
35
|
+
- `.mindforge/config.json`: `mesh.node_id` changed from "beta-node" placeholder to "auto"
|
|
36
|
+
|
|
37
|
+
### Docs
|
|
38
|
+
- README: fixed stale version refs (11.5.1→11.8.1), corrected workflow count to 32, added Node.js >=18 prerequisite and Hello World section
|
|
39
|
+
- SECURITY.md: documented Tier-3 simulation scope, audit-hash replay boundary, spawn dispatch status
|
|
40
|
+
- docs/troubleshooting.md: added spawn stub, importFromBrowser, and test cwd entries
|
|
41
|
+
- docs/sdk-reference.md: updated version to 11.8.1, marked unimplemented methods
|
|
42
|
+
- docs/enterprise-setup.md: documented mesh.node_id configuration requirement
|
|
43
|
+
|
|
44
|
+
### Tests
|
|
45
|
+
- install.test.js + production.test.js: added cwd guard, scoped secrets scan to MindForge root only
|
|
46
|
+
|
|
47
|
+
---
|
|
48
|
+
|
|
3
49
|
## [11.8.0] - 2026-06-24 — Workflow Forge II
|
|
4
50
|
|
|
5
51
|
Expands the Dynamic Workflow Library from 12 to 33 workflows across 5 tiers, adding a new **Beast tier** for compound multi-phase multi-agent workflows with adversarial verification. 21 new workflows added. 92/92 tests pass.
|
package/MINDFORGE.md
CHANGED
|
@@ -3,10 +3,10 @@
|
|
|
3
3
|
## 1. IDENTITY & VERSIONING
|
|
4
4
|
|
|
5
5
|
[NAME] = MindForge
|
|
6
|
-
[VERSION] = 11.8.
|
|
6
|
+
[VERSION] = 11.8.2
|
|
7
7
|
[STABLE] = true
|
|
8
8
|
[MODE] = "Platform Sovereign"
|
|
9
|
-
[REQUIRED_CORE_VERSION] = 11.8.
|
|
9
|
+
[REQUIRED_CORE_VERSION] = 11.8.2
|
|
10
10
|
[SOVEREIGN_IDENTITY] = true
|
|
11
11
|
[SRE_LAYER_ENABLED] = true
|
|
12
12
|
|
package/README.md
CHANGED
|
@@ -4,9 +4,9 @@
|
|
|
4
4
|
|
|
5
5
|
---
|
|
6
6
|
|
|
7
|
-
## Latest: v11.8.
|
|
7
|
+
## Latest: v11.8.1
|
|
8
8
|
|
|
9
|
-
- **v11.8.0 — "Workflow Forge II".** Expands the Dynamic Workflow Library from 12 to
|
|
9
|
+
- **v11.8.0 — "Workflow Forge II".** Expands the Dynamic Workflow Library from 12 to 32 workflows across 5 tiers — adds a new **Beast tier** for compound 5-phase adversarial workflows (security-hardening, accessibility-audit, security-threat-model), plus 18 more across Dev/Ops/Intelligence/Research. 21 new `/mindforge:wf-*` commands. Total: 219 commands.
|
|
10
10
|
- **v11.7.0 — "Workflow Forge".** Ships the first Dynamic Workflow Library — 12 pre-built multi-agent workflow scripts that run via Claude Code's `Workflow` tool with true parallel agent execution. Four tiers: Research (deep-research, competitive-analysis, tech-evaluation), Dev (code-audit, feature-planner, pr-review, tdd-sprint, refactor-plan), Ops (incident-response, release-prep), Intelligence (onboard-codebase, perf-optimize). 13 new `/mindforge:wf-*` commands. Total: 198 commands.
|
|
11
11
|
- **v11.6.0 — "Skill Forge".** Adds 80 community-sourced skills across 8 domains (software-development, github, devops, research, security, creative, data-science, note-taking) — 30 promoted to engine tier for automatic trigger-matching, 50 in the extended tier for explicit activation. Three new slash commands: `/mindforge:systematic-debug`, `/mindforge:skill-tdd`, `/mindforge:skills-index`. Total: 153 skills, 232 engine-tier entries, 185 commands.
|
|
12
12
|
- **v11.5.1 — Standalone MCP server.** The MindForge MCP server now ships as its own npm package, `mindforge-mcp-server@11.5.1`, listed on the official MCP Registry as `io.github.sairam0424/mindforge`. Add it to Claude Code with one command (see [Use the MCP server](#-use-the-mcp-server-standalone)); it exposes 7 tools over stdio (6 read-only + 1 guarded write).
|
|
@@ -14,6 +14,9 @@
|
|
|
14
14
|
|
|
15
15
|
See [CHANGELOG.md](./CHANGELOG.md) for full release history.
|
|
16
16
|
|
|
17
|
+
<details>
|
|
18
|
+
<summary>v11.0.0 — Sovereign Stability highlights</summary>
|
|
19
|
+
|
|
17
20
|
## v11.0.0 — Sovereign Stability
|
|
18
21
|
|
|
19
22
|
MindForge v11.0.0 "Sovereign Stability" is a production-hardening release focused on reliability, performance, and real-world deployment readiness. Key highlights:
|
|
@@ -27,6 +30,8 @@ MindForge v11.0.0 "Sovereign Stability" is a production-hardening release focuse
|
|
|
27
30
|
|
|
28
31
|
This release ships 211 personas, 153 skills, 154 specialized subagents, 198 commands, 18 pillars, and 49 swarm templates across 12 engineering domains.
|
|
29
32
|
|
|
33
|
+
</details>
|
|
34
|
+
|
|
30
35
|
|
|
31
36
|
## Installation & Setup
|
|
32
37
|
|
|
@@ -46,6 +51,8 @@ for all 11 plugins, token-budget guidance, and team setup.
|
|
|
46
51
|
|
|
47
52
|
### 🚀 Quick Start (npx — full framework engine)
|
|
48
53
|
|
|
54
|
+
**Prerequisites:** Node.js >= 18.0.0
|
|
55
|
+
|
|
49
56
|
The npx installer also writes the complete `.mindforge/` engine (governance, memory,
|
|
50
57
|
planning) into your project:
|
|
51
58
|
|
|
@@ -80,7 +87,7 @@ npx mindforge-cc@latest --antigravity --local
|
|
|
80
87
|
### 🔗 Use the MCP server (standalone)
|
|
81
88
|
|
|
82
89
|
The MindForge MCP server is published as its own npm package,
|
|
83
|
-
**`mindforge-mcp-server`** (`11.
|
|
90
|
+
**`mindforge-mcp-server`** (`11.8.1`), and is listed on the official
|
|
84
91
|
[MCP Registry](https://registry.modelcontextprotocol.io) as
|
|
85
92
|
`io.github.sairam0424/mindforge`. Wire it into Claude Code with one command:
|
|
86
93
|
|
|
@@ -102,6 +109,14 @@ It exposes **7 tools over stdio** — 6 read-only plus 1 guarded write:
|
|
|
102
109
|
|
|
103
110
|
---
|
|
104
111
|
|
|
112
|
+
## Quick Verification
|
|
113
|
+
|
|
114
|
+
After install, open Claude Code and type:
|
|
115
|
+
- `/mindforge:status` — verify installation and show project health
|
|
116
|
+
- `/mindforge:next` — auto-discover your first task
|
|
117
|
+
|
|
118
|
+
---
|
|
119
|
+
|
|
105
120
|
- **Production Hardening (v11.0.0)** — LRU caches, atomic JSON writes, log rotation, HANDOFF validation, and temporal snapshot GC for crash-safe long-running sessions.
|
|
106
121
|
- **True Wave Parallelism (v11.0.0)** — Semaphore-based concurrent wave execution with configurable max concurrency replaces sequential dispatch.
|
|
107
122
|
- **Streaming SDK (v11.0.0)** — WebSocket event streaming, `streamExecution()` AsyncIterable, `batchExecute()`, model streaming across Anthropic/OpenAI/Gemini providers.
|
|
@@ -383,7 +398,7 @@ See `.mindforge/production/token-optimiser.md`.
|
|
|
383
398
|
|
|
384
399
|
## 🚀 Dynamic Workflow Library
|
|
385
400
|
|
|
386
|
-
|
|
401
|
+
32 pre-built multi-agent workflow scripts that run via Claude Code's `Workflow` tool. Each workflow fans out concurrent agents, synthesizes results, and returns structured output.
|
|
387
402
|
|
|
388
403
|
**Discover:** `/mindforge:wf-catalog` or `node bin/mindforge-cli.js workflow list`
|
|
389
404
|
|
package/SECURITY.md
CHANGED
|
@@ -136,3 +136,12 @@ narrow disposable memory · scan skills/hooks/MCP/agents as supply-chain artifac
|
|
|
136
136
|
## Contact
|
|
137
137
|
|
|
138
138
|
For security questions that are not vulnerability reports, open a GitHub Discussion with the "security" label.
|
|
139
|
+
|
|
140
|
+
## Tier-3 Trust (ZTAI Secure Enclave)
|
|
141
|
+
Tier-3 trust in v1.0 uses **in-process key simulation** (`bin/governance/ztai-manager.js` `SecureEnclaveProvider`). Key material resides in the Node.js heap — it is NOT hardware-isolated. A real TPM/HSM provider is planned for v1.2. **Do not use Tier-3 trust for production credential workflows in v1.0.**
|
|
142
|
+
|
|
143
|
+
## Audit Log Tamper Evidence
|
|
144
|
+
The Merkle chain (`bin/governance/audit-hash.js`) provides tamper-evidence for content and ordering but does not prevent replay of identical entries. Restrict OS-level write access to `.planning/AUDIT.jsonl` to prevent replay attacks.
|
|
145
|
+
|
|
146
|
+
## Agent Dispatch (spawn mode)
|
|
147
|
+
`bin/spawn-agent.js` spawn mode exits with an error in v1.0 — real agent dispatch is not yet implemented at the shell level. Use Claude Code slash commands (`/mindforge:auto`, `/mindforge:next`) to dispatch agents. Direct shell-level dispatch is planned for v1.1.
|
|
@@ -776,8 +776,14 @@ class AutoRunner {
|
|
|
776
776
|
const mirrorPath = await this.mirror.replicate(incident);
|
|
777
777
|
const decision = await this.adversary.runDebate(incident, mirrorPath);
|
|
778
778
|
if (decision.verdict === 'APPROVED' || decision.verdict === 'AMENDED') {
|
|
779
|
-
|
|
780
|
-
|
|
779
|
+
let baseline, postFix;
|
|
780
|
+
try {
|
|
781
|
+
baseline = this.verifier.simulateShadowWave(false);
|
|
782
|
+
postFix = this.verifier.simulateShadowWave(true);
|
|
783
|
+
} catch (e) {
|
|
784
|
+
this.writeAudit({ event: 'sre_sli_unavailable', rid: incident.remediation_id, reason: e.message });
|
|
785
|
+
return;
|
|
786
|
+
}
|
|
781
787
|
const verification = await this.verifier.verify(baseline, postFix);
|
|
782
788
|
if (verification.isHealthy) {
|
|
783
789
|
this.writeAudit({ event: 'sre_remediation_applied', rid: incident.remediation_id, verdict: decision.verdict });
|
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
* Kahn topological sort + cycle detection.
|
|
5
5
|
* Ported from the previously test-only implementation into the real engine.
|
|
6
6
|
*
|
|
7
|
-
* TODO(UC-xx): same-wave file-conflict detection
|
|
7
|
+
* TODO(UC-xx): same-wave file-conflict detection — deferred until handoff schema carries per-task file lists. See docs/architecture/ for scope.
|
|
8
8
|
* Handoff tasks (see normalizeTask in wave-executor.js and validateHandoff in
|
|
9
9
|
* state-manager.js) currently expose only id/name/plan/depends_on — there is
|
|
10
10
|
* no `files` field to compare. A `findFileConflicts(plans)` check (two tasks
|
package/bin/change-classifier.js
CHANGED
|
@@ -75,6 +75,12 @@ function classify() {
|
|
|
75
75
|
if (tier < 3) {
|
|
76
76
|
if (diffFiles.length > 10 || diffFiles.some(f => f.endsWith('.js') || f.endsWith('.ts'))) {
|
|
77
77
|
tier = 2; // Significant logic change
|
|
78
|
+
if (diffFiles.length > 10) {
|
|
79
|
+
reasons.push(`Large changeset: ${diffFiles.length} files modified`);
|
|
80
|
+
} else {
|
|
81
|
+
const jsFile = diffFiles.find(f => f.endsWith('.js') || f.endsWith('.ts'));
|
|
82
|
+
if (jsFile) reasons.push(`JavaScript/TypeScript file modified: ${jsFile}`);
|
|
83
|
+
}
|
|
78
84
|
}
|
|
79
85
|
}
|
|
80
86
|
|
|
@@ -9,6 +9,8 @@ const configManager = require('./config-manager');
|
|
|
9
9
|
|
|
10
10
|
const generateKeyPair = promisify(crypto.generateKeyPair);
|
|
11
11
|
|
|
12
|
+
const SECURITY_TIER_3_SIMULATED = true;
|
|
13
|
+
|
|
12
14
|
/**
|
|
13
15
|
* Abstract Base Class for Key Providers
|
|
14
16
|
*/
|
|
@@ -61,6 +63,9 @@ class LocalKeyProvider extends KeyProvider {
|
|
|
61
63
|
class SecureEnclaveProvider extends KeyProvider {
|
|
62
64
|
constructor() {
|
|
63
65
|
super();
|
|
66
|
+
console.warn('[ZTAI] WARNING: Tier-3 trust using simulated in-process key storage. ' +
|
|
67
|
+
'Key material resides in the Node.js heap — not hardware-isolated. ' +
|
|
68
|
+
'Do not use Tier-3 trust for production credential workflows in v1.0.');
|
|
64
69
|
this.enclaveStore = new Map(); // DID -> { privateKey, metadata }
|
|
65
70
|
}
|
|
66
71
|
|
|
@@ -141,11 +146,32 @@ class QuantumSafeKeyProvider extends KeyProvider {
|
|
|
141
146
|
class ZTAIManager {
|
|
142
147
|
constructor() {
|
|
143
148
|
this.agentRegistry = new Map(); // DID -> { publicKey, persona, tier, providerType }
|
|
144
|
-
this.
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
+
this._providers = {}; // lazily populated — see _getProvider()
|
|
150
|
+
}
|
|
151
|
+
|
|
152
|
+
/**
|
|
153
|
+
* Returns the key provider for the given providerType, constructing it on
|
|
154
|
+
* first use. This defers SecureEnclaveProvider (and its Tier-3 console
|
|
155
|
+
* warning) until a Tier-3+ agent is actually registered, and defers
|
|
156
|
+
* QuantumSafeKeyProvider (and its `require('./quantum-crypto')`) until PQC
|
|
157
|
+
* is explicitly requested — so unrelated commands stay warning-free.
|
|
158
|
+
*
|
|
159
|
+
* @param {'local'|'enclave'|'quantum'} providerType
|
|
160
|
+
* @returns {KeyProvider}
|
|
161
|
+
*/
|
|
162
|
+
_getProvider(providerType) {
|
|
163
|
+
if (!this._providers[providerType]) {
|
|
164
|
+
if (providerType === 'local') {
|
|
165
|
+
this._providers[providerType] = new LocalKeyProvider();
|
|
166
|
+
} else if (providerType === 'enclave') {
|
|
167
|
+
this._providers[providerType] = new SecureEnclaveProvider();
|
|
168
|
+
} else if (providerType === 'quantum') {
|
|
169
|
+
this._providers[providerType] = new QuantumSafeKeyProvider();
|
|
170
|
+
} else {
|
|
171
|
+
throw new Error(`Unknown provider type: ${providerType}`);
|
|
172
|
+
}
|
|
173
|
+
}
|
|
174
|
+
return this._providers[providerType];
|
|
149
175
|
}
|
|
150
176
|
|
|
151
177
|
/**
|
|
@@ -187,7 +213,7 @@ class ZTAIManager {
|
|
|
187
213
|
const did = `did:mindforge:${uuid}`;
|
|
188
214
|
|
|
189
215
|
const providerType = this._selectProvider(tier);
|
|
190
|
-
const provider = this.
|
|
216
|
+
const provider = this._getProvider(providerType);
|
|
191
217
|
|
|
192
218
|
const publicKeyPEM = await provider.generate(did);
|
|
193
219
|
|
|
@@ -216,7 +242,7 @@ class ZTAIManager {
|
|
|
216
242
|
const agent = this.agentRegistry.get(did);
|
|
217
243
|
if (!agent) throw new Error(`Agent not registered: ${did}`);
|
|
218
244
|
|
|
219
|
-
const provider = this.
|
|
245
|
+
const provider = this._getProvider(agent.providerType);
|
|
220
246
|
return await provider.sign(did, data);
|
|
221
247
|
}
|
|
222
248
|
|
|
@@ -240,7 +266,7 @@ class ZTAIManager {
|
|
|
240
266
|
const agent = this.agentRegistry.get(did);
|
|
241
267
|
if (!agent) throw new Error(`Agent not found: ${did}`);
|
|
242
268
|
|
|
243
|
-
const provider = this.
|
|
269
|
+
const provider = this._getProvider(agent.providerType);
|
|
244
270
|
agent.publicKey = await provider.rotate(did);
|
|
245
271
|
agent.rotatedAt = new Date().toISOString();
|
|
246
272
|
return true;
|
|
@@ -249,7 +275,7 @@ class ZTAIManager {
|
|
|
249
275
|
revokeAgent(did) {
|
|
250
276
|
const agent = this.agentRegistry.get(did);
|
|
251
277
|
if (agent) {
|
|
252
|
-
this.
|
|
278
|
+
this._getProvider(agent.providerType).delete(did);
|
|
253
279
|
this.agentRegistry.delete(did);
|
|
254
280
|
}
|
|
255
281
|
}
|
|
@@ -307,3 +333,4 @@ class ZTAIManager {
|
|
|
307
333
|
}
|
|
308
334
|
|
|
309
335
|
module.exports = new ZTAIManager();
|
|
336
|
+
module.exports.SECURITY_TIER_3_SIMULATED = SECURITY_TIER_3_SIMULATED;
|
package/bin/installer-core.js
CHANGED
|
@@ -952,3 +952,8 @@ async function run(args) {
|
|
|
952
952
|
}
|
|
953
953
|
|
|
954
954
|
module.exports = { run, install, uninstall, RUNTIMES, generateEntryContent, SENSITIVE_EXCLUDE, MINDFORGE_DEV_EXCLUDE };
|
|
955
|
+
|
|
956
|
+
if (require.main === module) {
|
|
957
|
+
const args = process.argv.slice(2);
|
|
958
|
+
run(args).catch(err => { console.error(err.message); process.exit(1); });
|
|
959
|
+
}
|
package/bin/memory/eis-client.js
CHANGED
|
@@ -144,9 +144,13 @@ class EISClient {
|
|
|
144
144
|
}
|
|
145
145
|
}
|
|
146
146
|
|
|
147
|
-
// TODO: implement
|
|
147
|
+
// TODO(EIS-remote): implement cross-node context resolution in v1.1
|
|
148
148
|
async resolveRemoteNode(nodeId) {
|
|
149
|
-
|
|
149
|
+
// TODO(EIS-remote): implement cross-node context resolution in v1.1
|
|
150
|
+
throw new Error(
|
|
151
|
+
`EIS remote node resolution not implemented (nodeId: ${nodeId}). ` +
|
|
152
|
+
'Cross-node context is local-only in v1.0.'
|
|
153
|
+
);
|
|
150
154
|
}
|
|
151
155
|
|
|
152
156
|
/**
|
package/bin/mindforge-cli.js
CHANGED
|
@@ -182,7 +182,7 @@ const result = spawnSync('node', [scriptPath, ...finalArgs], {
|
|
|
182
182
|
env: { ...process.env, MINDFORGE_CLI: 'true' }
|
|
183
183
|
});
|
|
184
184
|
|
|
185
|
-
process.exit(result.status
|
|
185
|
+
process.exit(result.status != null ? result.status : (result.signal ? 1 : 0));
|
|
186
186
|
|
|
187
187
|
/**
|
|
188
188
|
* Levenshtein distance — dynamic programming edit distance between two strings.
|
|
@@ -90,3 +90,22 @@ async function runCrossReview(params) {
|
|
|
90
90
|
}
|
|
91
91
|
|
|
92
92
|
module.exports = { runCrossReview, parseFindings: synthesizeFindings.parseFindings, extractVerdict };
|
|
93
|
+
|
|
94
|
+
if (require.main === module) {
|
|
95
|
+
const args = process.argv.slice(2);
|
|
96
|
+
const phase = args.find(a => a.startsWith('--phase='))?.split('=')[1] || 'full';
|
|
97
|
+
const diff = args.find(a => a.startsWith('--diff='))?.split('=')[1] || 'HEAD';
|
|
98
|
+
const context = args.find(a => a.startsWith('--context='))?.split('=')[1] || '';
|
|
99
|
+
if (args.includes('--help') || args.length === 0) {
|
|
100
|
+
console.log('MindForge PR Review — Cross-model review engine');
|
|
101
|
+
console.log('Usage: node bin/review/cross-review-engine.js [--diff=HEAD] [--phase=full] [--context=...]');
|
|
102
|
+
console.log(' --diff Git ref or diff target (default: HEAD)');
|
|
103
|
+
console.log(' --phase Review phase: full|security|quality|performance (default: full)');
|
|
104
|
+
console.log(' --context Additional context string for the review');
|
|
105
|
+
process.exit(0);
|
|
106
|
+
}
|
|
107
|
+
console.log(`[MindForge PR Review] Starting ${phase} review of ${diff}...`);
|
|
108
|
+
runCrossReview({ phaseNum: phase, diff, context })
|
|
109
|
+
.then(result => { console.log(JSON.stringify(result, null, 2)); process.exit(0); })
|
|
110
|
+
.catch(err => { console.error('Review failed:', err.message); process.exit(1); });
|
|
111
|
+
}
|
package/bin/spawn-agent.js
CHANGED
|
@@ -26,6 +26,7 @@ const SAFE_NAME_PATTERN = /^[A-Za-z0-9-_]+$/;
|
|
|
26
26
|
if (!MODE || !TARGET) {
|
|
27
27
|
console.error('❌ Usage: node bin/spawn-agent.js <mode> <target> [--dry-run]');
|
|
28
28
|
console.error(' modes: identity | spawn | subagent');
|
|
29
|
+
console.error(' Note: spawn mode performs persona resolution only in v1.0 — actual agent dispatch requires Claude Code slash commands (/mindforge:auto or /mindforge:next)');
|
|
29
30
|
process.exit(1);
|
|
30
31
|
}
|
|
31
32
|
|
|
@@ -125,13 +126,16 @@ async function run() {
|
|
|
125
126
|
process.exit(0);
|
|
126
127
|
}
|
|
127
128
|
|
|
128
|
-
//
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
129
|
+
// Agent dispatch to Claude Code runtime is not yet implemented.
|
|
130
|
+
// Use Claude Code slash commands to dispatch agents instead.
|
|
131
|
+
console.error(
|
|
132
|
+
'Agent spawn dispatch not implemented in v1.0.\n' +
|
|
133
|
+
' Use Claude Code slash commands instead:\n' +
|
|
134
|
+
' /mindforge:auto — reactive engine start\n' +
|
|
135
|
+
' /mindforge:next — primary auto-discovery\n' +
|
|
136
|
+
' See docs/troubleshooting.md for details.'
|
|
137
|
+
);
|
|
138
|
+
process.exit(1);
|
|
135
139
|
}
|
|
136
140
|
|
|
137
141
|
run().catch(err => {
|
package/bin/sre/sli-verifier.js
CHANGED
|
@@ -66,9 +66,17 @@ class SLIVerifier {
|
|
|
66
66
|
|
|
67
67
|
/**
|
|
68
68
|
* Heuristic simulation of a "Shadow Wave" to generate metrics.
|
|
69
|
+
* Gated behind MINDFORGE_SRE_SIMULATE=true — must not run in production
|
|
70
|
+
* without explicit opt-in.
|
|
69
71
|
*/
|
|
70
72
|
simulateShadowWave(isFixApplied = false) {
|
|
71
|
-
|
|
73
|
+
if (process.env.MINDFORGE_SRE_SIMULATE !== 'true') {
|
|
74
|
+
throw new Error(
|
|
75
|
+
'[SRE] simulateShadowWave() called outside simulate mode. ' +
|
|
76
|
+
'Set MINDFORGE_SRE_SIMULATE=true to enable SLI simulation, ' +
|
|
77
|
+
'or implement real metric collection from /api/v1/system.'
|
|
78
|
+
);
|
|
79
|
+
}
|
|
72
80
|
return {
|
|
73
81
|
latency: 120 + (Math.random() * 20),
|
|
74
82
|
error_rate: isFixApplied ? 0.001 : 0.05,
|
package/docs/sdk-reference.md
CHANGED
|
@@ -14,7 +14,7 @@ import {
|
|
|
14
14
|
} from '@mindforge/sdk';
|
|
15
15
|
```
|
|
16
16
|
|
|
17
|
-
Current SDK version: `
|
|
17
|
+
Current SDK version: `11.8.1`
|
|
18
18
|
|
|
19
19
|
---
|
|
20
20
|
|
|
@@ -93,6 +93,18 @@ Returns `true` if the unified SQLite knowledge database (`celestial.db`) exists
|
|
|
93
93
|
|
|
94
94
|
Returns the absolute path to the project's `celestial.db` SQLite database file.
|
|
95
95
|
|
|
96
|
+
#### `importFromBrowser(sessionData: unknown): Promise<void>`
|
|
97
|
+
|
|
98
|
+
Imports a session snapshot captured from a browser environment into the local session store.
|
|
99
|
+
|
|
100
|
+
> **[NOT IMPLEMENTED — v1.0]** This method always throws. Check `sessionManager.capabilities.importFromBrowser === false` before calling. Use `saveSession`/`loadSession` instead.
|
|
101
|
+
|
|
102
|
+
#### `resolveRemoteNode(nodeId: string): Promise<unknown>`
|
|
103
|
+
|
|
104
|
+
Resolves context for a node residing on a remote EIS (Edge Intelligence Shard) instance.
|
|
105
|
+
|
|
106
|
+
> **[NOT IMPLEMENTED — v1.0]** `resolveRemoteNode(nodeId)` always throws. Cross-node context resolution is local-only in v1.0. Planned for v1.1.
|
|
107
|
+
|
|
96
108
|
---
|
|
97
109
|
|
|
98
110
|
## `MindForgeMemory`
|
package/docs/troubleshooting.md
CHANGED
|
@@ -137,3 +137,12 @@ If the above doesn’t resolve it:
|
|
|
137
137
|
- **Architecture**: `docs/architecture/V5-ENTERPRISE.md`
|
|
138
138
|
- **Commands**: `docs/commands-reference.md`
|
|
139
139
|
- **Personas**: `docs/PERSONAS.md`
|
|
140
|
+
|
|
141
|
+
## Agent spawn returns immediately with no action
|
|
142
|
+
`spawn` mode in `bin/spawn-agent.js` exits with an error in v1.0. Real agent dispatch requires Claude Code slash commands. Use `/mindforge:auto` or `/mindforge:next` to dispatch agents.
|
|
143
|
+
|
|
144
|
+
## `importFromBrowser` crashes
|
|
145
|
+
Browser cookie import from native browser profiles is not implemented in v1.0. Use `saveSession`/`loadSession` instead. Check `sessionManager.capabilities.importFromBrowser` before calling.
|
|
146
|
+
|
|
147
|
+
## Tests fail when run from a parent directory
|
|
148
|
+
All tests must be run from the MindForge project root: `cd /path/to/MindForge && npm test`. Running from the parent workspace will produce false failures.
|
package/package.json
CHANGED
|
@@ -1,32 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: "Fan-out web research with adversarial claim verification and cited synthesis"
|
|
3
|
-
---
|
|
4
|
-
# /mindforge:wf-deep-research
|
|
5
|
-
|
|
6
|
-
Runs the **Deep Research** dynamic workflow.
|
|
7
|
-
|
|
8
|
-
## Usage
|
|
9
|
-
`/mindforge:wf-deep-research <your research question>`
|
|
10
|
-
|
|
11
|
-
## What it does
|
|
12
|
-
- **Scope**: Decomposes your question into 5 independent search angles
|
|
13
|
-
- **Search**: 5 parallel web search agents, one per angle (~30s)
|
|
14
|
-
- **Fetch**: Deduplicates URLs, fetches top 15 sources, extracts falsifiable claims
|
|
15
|
-
- **Verify**: 3-vote adversarial verification per claim — 2/3 refutes kills a claim
|
|
16
|
-
- **Synthesize**: Merges confirmed findings, ranks by confidence, cites all sources
|
|
17
|
-
|
|
18
|
-
## Running
|
|
19
|
-
|
|
20
|
-
Invoke via Claude Code's Workflow tool:
|
|
21
|
-
|
|
22
|
-
```
|
|
23
|
-
Workflow({
|
|
24
|
-
scriptPath: ".mindforge/dynamic-workflows/scripts/deep-research.js",
|
|
25
|
-
args: "<your input>"
|
|
26
|
-
})
|
|
27
|
-
```
|
|
28
|
-
|
|
29
|
-
Or discover via CLI:
|
|
30
|
-
```bash
|
|
31
|
-
node bin/mindforge-cli.js workflow info deep-research
|
|
32
|
-
```
|
|
@@ -1,32 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
description: "Fan-out web research with adversarial claim verification and cited synthesis"
|
|
3
|
-
---
|
|
4
|
-
# /mindforge:wf-deep-research
|
|
5
|
-
|
|
6
|
-
Runs the **Deep Research** dynamic workflow.
|
|
7
|
-
|
|
8
|
-
## Usage
|
|
9
|
-
`/mindforge:wf-deep-research <your research question>`
|
|
10
|
-
|
|
11
|
-
## What it does
|
|
12
|
-
- **Scope**: Decomposes your question into 5 independent search angles
|
|
13
|
-
- **Search**: 5 parallel web search agents, one per angle (~30s)
|
|
14
|
-
- **Fetch**: Deduplicates URLs, fetches top 15 sources, extracts falsifiable claims
|
|
15
|
-
- **Verify**: 3-vote adversarial verification per claim — 2/3 refutes kills a claim
|
|
16
|
-
- **Synthesize**: Merges confirmed findings, ranks by confidence, cites all sources
|
|
17
|
-
|
|
18
|
-
## Running
|
|
19
|
-
|
|
20
|
-
Invoke via Claude Code's Workflow tool:
|
|
21
|
-
|
|
22
|
-
```
|
|
23
|
-
Workflow({
|
|
24
|
-
scriptPath: ".mindforge/dynamic-workflows/scripts/deep-research.js",
|
|
25
|
-
args: "<your input>"
|
|
26
|
-
})
|
|
27
|
-
```
|
|
28
|
-
|
|
29
|
-
Or discover via CLI:
|
|
30
|
-
```bash
|
|
31
|
-
node bin/mindforge-cli.js workflow info deep-research
|
|
32
|
-
```
|