mindforge-cc 11.8.0 → 11.8.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "pattern-library.jsonl": {
3
- "lastSync": "2026-06-24T05:48:11.891Z",
3
+ "lastSync": "2026-07-01T06:53:59.643Z",
4
4
  "localCount": 1
5
5
  }
6
6
  }
package/CHANGELOG.md CHANGED
@@ -1,5 +1,51 @@
1
1
  # Changelog
2
2
 
3
+ ## [11.8.2] — 2026-07-01 — Clean Stable Release
4
+
5
+ ### Fixes
6
+ - `bin/installer-core.js`: Added main-guard — `health` command now produces full diagnostic output
7
+ - `bin/mindforge-cli.js:185`: Fixed null-status bug — signal-killed child processes now exit with code 1 instead of 0
8
+ - `bin/change-classifier.js`: Tier 2 branch now pushes descriptive reasons to reasons[] array
9
+ - `sdk/tests/sdk.test.js:30`: Replaced hardcoded version "11.8.0" with dynamic package.json read
10
+ - `tests/sdk-exports.test.js`: Fixed MODULE_NOT_FOUND path resolution
11
+ - `README.md:7`: Updated "Latest: v11.8.0" header to "Latest: v11.8.1"
12
+
13
+ ### Improvements
14
+ - `bin/spawn-agent.js --help`: Added v1.0 stub disclosure note to usage text
15
+ - `bin/governance/ztai-manager.js`: Lazy-instantiate SecureEnclaveProvider — eliminates spurious Tier-3 warning on commands that do not use Tier-3 trust
16
+ - `bin/review/cross-review-engine.js`: Added CLI entry point with --help, --diff, --phase, --context args
17
+ - `tests/worktree-engine.test.js`: Added 90-second timeout override to prevent false parallel-runner timeout
18
+ - ESLint: Resolved auto-fixable errors, lint stage now clean
19
+ - Test coverage: Added tests/errors.test.js and tests/file-io.test.js to improve coverage toward 80% target
20
+
21
+ ---
22
+
23
+ ## [11.8.1] — 2026-07-01 — First Stable Release
24
+
25
+ ### Security
26
+ - **mcp-server:** Patched hono to >=4.12.25 — fixes CORS credential reflection, path traversal (Windows), body-limit bypass, Set-Cookie merging, Lambda@Edge header drop
27
+ - **sdk:** Patched picomatch — fixes ReDoS via extglob quantifiers and Method Injection via POSIX character classes
28
+ - **ztai:** Added SECURITY_TIER_3_SIMULATED disclosure constant and startup warning for in-process key simulation
29
+
30
+ ### Fixes
31
+ - `bin/sre/sli-verifier.js`: `simulateShadowWave()` now throws in non-simulate mode — gate with `MINDFORGE_SRE_SIMULATE=true`
32
+ - `bin/spawn-agent.js`: spawn stub now exits 1 with actionable error instead of silently succeeding
33
+ - `bin/memory/eis-client.js`: `resolveRemoteNode()` now throws explicitly instead of returning null
34
+ - `bin/browser/session-manager.js`: added `capabilities.importFromBrowser=false` export
35
+ - `.mindforge/config.json`: `mesh.node_id` changed from "beta-node" placeholder to "auto"
36
+
37
+ ### Docs
38
+ - README: fixed stale version refs (11.5.1→11.8.1), corrected workflow count to 32, added Node.js >=18 prerequisite and Hello World section
39
+ - SECURITY.md: documented Tier-3 simulation scope, audit-hash replay boundary, spawn dispatch status
40
+ - docs/troubleshooting.md: added spawn stub, importFromBrowser, and test cwd entries
41
+ - docs/sdk-reference.md: updated version to 11.8.1, marked unimplemented methods
42
+ - docs/enterprise-setup.md: documented mesh.node_id configuration requirement
43
+
44
+ ### Tests
45
+ - install.test.js + production.test.js: added cwd guard, scoped secrets scan to MindForge root only
46
+
47
+ ---
48
+
3
49
  ## [11.8.0] - 2026-06-24 — Workflow Forge II
4
50
 
5
51
  Expands the Dynamic Workflow Library from 12 to 33 workflows across 5 tiers, adding a new **Beast tier** for compound multi-phase multi-agent workflows with adversarial verification. 21 new workflows added. 92/92 tests pass.
package/MINDFORGE.md CHANGED
@@ -3,10 +3,10 @@
3
3
  ## 1. IDENTITY & VERSIONING
4
4
 
5
5
  [NAME] = MindForge
6
- [VERSION] = 11.8.0
6
+ [VERSION] = 11.8.2
7
7
  [STABLE] = true
8
8
  [MODE] = "Platform Sovereign"
9
- [REQUIRED_CORE_VERSION] = 11.8.0
9
+ [REQUIRED_CORE_VERSION] = 11.8.2
10
10
  [SOVEREIGN_IDENTITY] = true
11
11
  [SRE_LAYER_ENABLED] = true
12
12
 
package/README.md CHANGED
@@ -4,9 +4,9 @@
4
4
 
5
5
  ---
6
6
 
7
- ## Latest: v11.8.0
7
+ ## Latest: v11.8.1
8
8
 
9
- - **v11.8.0 — "Workflow Forge II".** Expands the Dynamic Workflow Library from 12 to 33 workflows across 5 tiers — adds a new **Beast tier** for compound 5-phase adversarial workflows (security-hardening, accessibility-audit, security-threat-model), plus 18 more across Dev/Ops/Intelligence/Research. 21 new `/mindforge:wf-*` commands. Total: 219 commands.
9
+ - **v11.8.0 — "Workflow Forge II".** Expands the Dynamic Workflow Library from 12 to 32 workflows across 5 tiers — adds a new **Beast tier** for compound 5-phase adversarial workflows (security-hardening, accessibility-audit, security-threat-model), plus 18 more across Dev/Ops/Intelligence/Research. 21 new `/mindforge:wf-*` commands. Total: 219 commands.
10
10
  - **v11.7.0 — "Workflow Forge".** Ships the first Dynamic Workflow Library — 12 pre-built multi-agent workflow scripts that run via Claude Code's `Workflow` tool with true parallel agent execution. Four tiers: Research (deep-research, competitive-analysis, tech-evaluation), Dev (code-audit, feature-planner, pr-review, tdd-sprint, refactor-plan), Ops (incident-response, release-prep), Intelligence (onboard-codebase, perf-optimize). 13 new `/mindforge:wf-*` commands. Total: 198 commands.
11
11
  - **v11.6.0 — "Skill Forge".** Adds 80 community-sourced skills across 8 domains (software-development, github, devops, research, security, creative, data-science, note-taking) — 30 promoted to engine tier for automatic trigger-matching, 50 in the extended tier for explicit activation. Three new slash commands: `/mindforge:systematic-debug`, `/mindforge:skill-tdd`, `/mindforge:skills-index`. Total: 153 skills, 232 engine-tier entries, 185 commands.
12
12
  - **v11.5.1 — Standalone MCP server.** The MindForge MCP server now ships as its own npm package, `mindforge-mcp-server@11.5.1`, listed on the official MCP Registry as `io.github.sairam0424/mindforge`. Add it to Claude Code with one command (see [Use the MCP server](#-use-the-mcp-server-standalone)); it exposes 7 tools over stdio (6 read-only + 1 guarded write).
@@ -14,6 +14,9 @@
14
14
 
15
15
  See [CHANGELOG.md](./CHANGELOG.md) for full release history.
16
16
 
17
+ <details>
18
+ <summary>v11.0.0 — Sovereign Stability highlights</summary>
19
+
17
20
  ## v11.0.0 — Sovereign Stability
18
21
 
19
22
  MindForge v11.0.0 "Sovereign Stability" is a production-hardening release focused on reliability, performance, and real-world deployment readiness. Key highlights:
@@ -27,6 +30,8 @@ MindForge v11.0.0 "Sovereign Stability" is a production-hardening release focuse
27
30
 
28
31
  This release ships 211 personas, 153 skills, 154 specialized subagents, 198 commands, 18 pillars, and 49 swarm templates across 12 engineering domains.
29
32
 
33
+ </details>
34
+
30
35
 
31
36
  ## Installation & Setup
32
37
 
@@ -46,6 +51,8 @@ for all 11 plugins, token-budget guidance, and team setup.
46
51
 
47
52
  ### 🚀 Quick Start (npx — full framework engine)
48
53
 
54
+ **Prerequisites:** Node.js >= 18.0.0
55
+
49
56
  The npx installer also writes the complete `.mindforge/` engine (governance, memory,
50
57
  planning) into your project:
51
58
 
@@ -80,7 +87,7 @@ npx mindforge-cc@latest --antigravity --local
80
87
  ### 🔗 Use the MCP server (standalone)
81
88
 
82
89
  The MindForge MCP server is published as its own npm package,
83
- **`mindforge-mcp-server`** (`11.5.1`), and is listed on the official
90
+ **`mindforge-mcp-server`** (`11.8.1`), and is listed on the official
84
91
  [MCP Registry](https://registry.modelcontextprotocol.io) as
85
92
  `io.github.sairam0424/mindforge`. Wire it into Claude Code with one command:
86
93
 
@@ -102,6 +109,14 @@ It exposes **7 tools over stdio** — 6 read-only plus 1 guarded write:
102
109
 
103
110
  ---
104
111
 
112
+ ## Quick Verification
113
+
114
+ After install, open Claude Code and type:
115
+ - `/mindforge:status` — verify installation and show project health
116
+ - `/mindforge:next` — auto-discover your first task
117
+
118
+ ---
119
+
105
120
  - **Production Hardening (v11.0.0)** — LRU caches, atomic JSON writes, log rotation, HANDOFF validation, and temporal snapshot GC for crash-safe long-running sessions.
106
121
  - **True Wave Parallelism (v11.0.0)** — Semaphore-based concurrent wave execution with configurable max concurrency replaces sequential dispatch.
107
122
  - **Streaming SDK (v11.0.0)** — WebSocket event streaming, `streamExecution()` AsyncIterable, `batchExecute()`, model streaming across Anthropic/OpenAI/Gemini providers.
@@ -383,7 +398,7 @@ See `.mindforge/production/token-optimiser.md`.
383
398
 
384
399
  ## 🚀 Dynamic Workflow Library
385
400
 
386
- 33 pre-built multi-agent workflow scripts that run via Claude Code's `Workflow` tool. Each workflow fans out concurrent agents, synthesizes results, and returns structured output.
401
+ 32 pre-built multi-agent workflow scripts that run via Claude Code's `Workflow` tool. Each workflow fans out concurrent agents, synthesizes results, and returns structured output.
387
402
 
388
403
  **Discover:** `/mindforge:wf-catalog` or `node bin/mindforge-cli.js workflow list`
389
404
 
package/SECURITY.md CHANGED
@@ -136,3 +136,12 @@ narrow disposable memory · scan skills/hooks/MCP/agents as supply-chain artifac
136
136
  ## Contact
137
137
 
138
138
  For security questions that are not vulnerability reports, open a GitHub Discussion with the "security" label.
139
+
140
+ ## Tier-3 Trust (ZTAI Secure Enclave)
141
+ Tier-3 trust in v1.0 uses **in-process key simulation** (`bin/governance/ztai-manager.js` `SecureEnclaveProvider`). Key material resides in the Node.js heap — it is NOT hardware-isolated. A real TPM/HSM provider is planned for v1.2. **Do not use Tier-3 trust for production credential workflows in v1.0.**
142
+
143
+ ## Audit Log Tamper Evidence
144
+ The Merkle chain (`bin/governance/audit-hash.js`) provides tamper-evidence for content and ordering but does not prevent replay of identical entries. Restrict OS-level write access to `.planning/AUDIT.jsonl` to prevent replay attacks.
145
+
146
+ ## Agent Dispatch (spawn mode)
147
+ `bin/spawn-agent.js` spawn mode exits with an error in v1.0 — real agent dispatch is not yet implemented at the shell level. Use Claude Code slash commands (`/mindforge:auto`, `/mindforge:next`) to dispatch agents. Direct shell-level dispatch is planned for v1.1.
@@ -776,8 +776,14 @@ class AutoRunner {
776
776
  const mirrorPath = await this.mirror.replicate(incident);
777
777
  const decision = await this.adversary.runDebate(incident, mirrorPath);
778
778
  if (decision.verdict === 'APPROVED' || decision.verdict === 'AMENDED') {
779
- const baseline = this.verifier.simulateShadowWave(false);
780
- const postFix = this.verifier.simulateShadowWave(true);
779
+ let baseline, postFix;
780
+ try {
781
+ baseline = this.verifier.simulateShadowWave(false);
782
+ postFix = this.verifier.simulateShadowWave(true);
783
+ } catch (e) {
784
+ this.writeAudit({ event: 'sre_sli_unavailable', rid: incident.remediation_id, reason: e.message });
785
+ return;
786
+ }
781
787
  const verification = await this.verifier.verify(baseline, postFix);
782
788
  if (verification.isHealthy) {
783
789
  this.writeAudit({ event: 'sre_remediation_applied', rid: incident.remediation_id, verdict: decision.verdict });
@@ -4,7 +4,7 @@
4
4
  * Kahn topological sort + cycle detection.
5
5
  * Ported from the previously test-only implementation into the real engine.
6
6
  *
7
- * TODO(UC-xx): same-wave file-conflict detection once tasks carry file lists.
7
+ * TODO(UC-xx): same-wave file-conflict detection deferred until handoff schema carries per-task file lists. See docs/architecture/ for scope.
8
8
  * Handoff tasks (see normalizeTask in wave-executor.js and validateHandoff in
9
9
  * state-manager.js) currently expose only id/name/plan/depends_on — there is
10
10
  * no `files` field to compare. A `findFileConflicts(plans)` check (two tasks
@@ -94,4 +94,6 @@ function importFromBrowser(source) {
94
94
  );
95
95
  }
96
96
 
97
- module.exports = { saveSession, loadSession, importFromBrowser };
97
+ const capabilities = { importFromBrowser: false };
98
+
99
+ module.exports = { saveSession, loadSession, importFromBrowser, capabilities };
@@ -75,6 +75,12 @@ function classify() {
75
75
  if (tier < 3) {
76
76
  if (diffFiles.length > 10 || diffFiles.some(f => f.endsWith('.js') || f.endsWith('.ts'))) {
77
77
  tier = 2; // Significant logic change
78
+ if (diffFiles.length > 10) {
79
+ reasons.push(`Large changeset: ${diffFiles.length} files modified`);
80
+ } else {
81
+ const jsFile = diffFiles.find(f => f.endsWith('.js') || f.endsWith('.ts'));
82
+ if (jsFile) reasons.push(`JavaScript/TypeScript file modified: ${jsFile}`);
83
+ }
78
84
  }
79
85
  }
80
86
 
@@ -9,6 +9,8 @@ const configManager = require('./config-manager');
9
9
 
10
10
  const generateKeyPair = promisify(crypto.generateKeyPair);
11
11
 
12
+ const SECURITY_TIER_3_SIMULATED = true;
13
+
12
14
  /**
13
15
  * Abstract Base Class for Key Providers
14
16
  */
@@ -61,6 +63,9 @@ class LocalKeyProvider extends KeyProvider {
61
63
  class SecureEnclaveProvider extends KeyProvider {
62
64
  constructor() {
63
65
  super();
66
+ console.warn('[ZTAI] WARNING: Tier-3 trust using simulated in-process key storage. ' +
67
+ 'Key material resides in the Node.js heap — not hardware-isolated. ' +
68
+ 'Do not use Tier-3 trust for production credential workflows in v1.0.');
64
69
  this.enclaveStore = new Map(); // DID -> { privateKey, metadata }
65
70
  }
66
71
 
@@ -141,11 +146,32 @@ class QuantumSafeKeyProvider extends KeyProvider {
141
146
  class ZTAIManager {
142
147
  constructor() {
143
148
  this.agentRegistry = new Map(); // DID -> { publicKey, persona, tier, providerType }
144
- this.providers = {
145
- local: new LocalKeyProvider(),
146
- enclave: new SecureEnclaveProvider(),
147
- quantum: new QuantumSafeKeyProvider()
148
- };
149
+ this._providers = {}; // lazily populated — see _getProvider()
150
+ }
151
+
152
+ /**
153
+ * Returns the key provider for the given providerType, constructing it on
154
+ * first use. This defers SecureEnclaveProvider (and its Tier-3 console
155
+ * warning) until a Tier-3+ agent is actually registered, and defers
156
+ * QuantumSafeKeyProvider (and its `require('./quantum-crypto')`) until PQC
157
+ * is explicitly requested — so unrelated commands stay warning-free.
158
+ *
159
+ * @param {'local'|'enclave'|'quantum'} providerType
160
+ * @returns {KeyProvider}
161
+ */
162
+ _getProvider(providerType) {
163
+ if (!this._providers[providerType]) {
164
+ if (providerType === 'local') {
165
+ this._providers[providerType] = new LocalKeyProvider();
166
+ } else if (providerType === 'enclave') {
167
+ this._providers[providerType] = new SecureEnclaveProvider();
168
+ } else if (providerType === 'quantum') {
169
+ this._providers[providerType] = new QuantumSafeKeyProvider();
170
+ } else {
171
+ throw new Error(`Unknown provider type: ${providerType}`);
172
+ }
173
+ }
174
+ return this._providers[providerType];
149
175
  }
150
176
 
151
177
  /**
@@ -187,7 +213,7 @@ class ZTAIManager {
187
213
  const did = `did:mindforge:${uuid}`;
188
214
 
189
215
  const providerType = this._selectProvider(tier);
190
- const provider = this.providers[providerType];
216
+ const provider = this._getProvider(providerType);
191
217
 
192
218
  const publicKeyPEM = await provider.generate(did);
193
219
 
@@ -216,7 +242,7 @@ class ZTAIManager {
216
242
  const agent = this.agentRegistry.get(did);
217
243
  if (!agent) throw new Error(`Agent not registered: ${did}`);
218
244
 
219
- const provider = this.providers[agent.providerType];
245
+ const provider = this._getProvider(agent.providerType);
220
246
  return await provider.sign(did, data);
221
247
  }
222
248
 
@@ -240,7 +266,7 @@ class ZTAIManager {
240
266
  const agent = this.agentRegistry.get(did);
241
267
  if (!agent) throw new Error(`Agent not found: ${did}`);
242
268
 
243
- const provider = this.providers[agent.providerType];
269
+ const provider = this._getProvider(agent.providerType);
244
270
  agent.publicKey = await provider.rotate(did);
245
271
  agent.rotatedAt = new Date().toISOString();
246
272
  return true;
@@ -249,7 +275,7 @@ class ZTAIManager {
249
275
  revokeAgent(did) {
250
276
  const agent = this.agentRegistry.get(did);
251
277
  if (agent) {
252
- this.providers[agent.providerType].delete(did);
278
+ this._getProvider(agent.providerType).delete(did);
253
279
  this.agentRegistry.delete(did);
254
280
  }
255
281
  }
@@ -307,3 +333,4 @@ class ZTAIManager {
307
333
  }
308
334
 
309
335
  module.exports = new ZTAIManager();
336
+ module.exports.SECURITY_TIER_3_SIMULATED = SECURITY_TIER_3_SIMULATED;
@@ -952,3 +952,8 @@ async function run(args) {
952
952
  }
953
953
 
954
954
  module.exports = { run, install, uninstall, RUNTIMES, generateEntryContent, SENSITIVE_EXCLUDE, MINDFORGE_DEV_EXCLUDE };
955
+
956
+ if (require.main === module) {
957
+ const args = process.argv.slice(2);
958
+ run(args).catch(err => { console.error(err.message); process.exit(1); });
959
+ }
@@ -144,9 +144,13 @@ class EISClient {
144
144
  }
145
145
  }
146
146
 
147
- // TODO: implement when remote nodes are available
147
+ // TODO(EIS-remote): implement cross-node context resolution in v1.1
148
148
  async resolveRemoteNode(nodeId) {
149
- return null;
149
+ // TODO(EIS-remote): implement cross-node context resolution in v1.1
150
+ throw new Error(
151
+ `EIS remote node resolution not implemented (nodeId: ${nodeId}). ` +
152
+ 'Cross-node context is local-only in v1.0.'
153
+ );
150
154
  }
151
155
 
152
156
  /**
@@ -182,7 +182,7 @@ const result = spawnSync('node', [scriptPath, ...finalArgs], {
182
182
  env: { ...process.env, MINDFORGE_CLI: 'true' }
183
183
  });
184
184
 
185
- process.exit(result.status || 0);
185
+ process.exit(result.status != null ? result.status : (result.signal ? 1 : 0));
186
186
 
187
187
  /**
188
188
  * Levenshtein distance — dynamic programming edit distance between two strings.
@@ -90,3 +90,22 @@ async function runCrossReview(params) {
90
90
  }
91
91
 
92
92
  module.exports = { runCrossReview, parseFindings: synthesizeFindings.parseFindings, extractVerdict };
93
+
94
+ if (require.main === module) {
95
+ const args = process.argv.slice(2);
96
+ const phase = args.find(a => a.startsWith('--phase='))?.split('=')[1] || 'full';
97
+ const diff = args.find(a => a.startsWith('--diff='))?.split('=')[1] || 'HEAD';
98
+ const context = args.find(a => a.startsWith('--context='))?.split('=')[1] || '';
99
+ if (args.includes('--help') || args.length === 0) {
100
+ console.log('MindForge PR Review — Cross-model review engine');
101
+ console.log('Usage: node bin/review/cross-review-engine.js [--diff=HEAD] [--phase=full] [--context=...]');
102
+ console.log(' --diff Git ref or diff target (default: HEAD)');
103
+ console.log(' --phase Review phase: full|security|quality|performance (default: full)');
104
+ console.log(' --context Additional context string for the review');
105
+ process.exit(0);
106
+ }
107
+ console.log(`[MindForge PR Review] Starting ${phase} review of ${diff}...`);
108
+ runCrossReview({ phaseNum: phase, diff, context })
109
+ .then(result => { console.log(JSON.stringify(result, null, 2)); process.exit(0); })
110
+ .catch(err => { console.error('Review failed:', err.message); process.exit(1); });
111
+ }
@@ -26,6 +26,7 @@ const SAFE_NAME_PATTERN = /^[A-Za-z0-9-_]+$/;
26
26
  if (!MODE || !TARGET) {
27
27
  console.error('❌ Usage: node bin/spawn-agent.js <mode> <target> [--dry-run]');
28
28
  console.error(' modes: identity | spawn | subagent');
29
+ console.error(' Note: spawn mode performs persona resolution only in v1.0 — actual agent dispatch requires Claude Code slash commands (/mindforge:auto or /mindforge:next)');
29
30
  process.exit(1);
30
31
  }
31
32
 
@@ -125,13 +126,16 @@ async function run() {
125
126
  process.exit(0);
126
127
  }
127
128
 
128
- // Future: Integration with Antigravity / Claude Code runtime
129
- console.log('🛠️ Dispatching to agent runtime...');
130
- // For now, we simulate the environment preparation
131
- setTimeout(() => {
132
- console.log(' Agent environment active.');
133
- process.exit(0);
134
- }, 500);
129
+ // Agent dispatch to Claude Code runtime is not yet implemented.
130
+ // Use Claude Code slash commands to dispatch agents instead.
131
+ console.error(
132
+ 'Agent spawn dispatch not implemented in v1.0.\n' +
133
+ ' Use Claude Code slash commands instead:\n' +
134
+ ' /mindforge:auto — reactive engine start\n' +
135
+ ' /mindforge:next — primary auto-discovery\n' +
136
+ ' See docs/troubleshooting.md for details.'
137
+ );
138
+ process.exit(1);
135
139
  }
136
140
 
137
141
  run().catch(err => {
@@ -66,9 +66,17 @@ class SLIVerifier {
66
66
 
67
67
  /**
68
68
  * Heuristic simulation of a "Shadow Wave" to generate metrics.
69
+ * Gated behind MINDFORGE_SRE_SIMULATE=true — must not run in production
70
+ * without explicit opt-in.
69
71
  */
70
72
  simulateShadowWave(isFixApplied = false) {
71
- // Generate jittery but realistic metrics
73
+ if (process.env.MINDFORGE_SRE_SIMULATE !== 'true') {
74
+ throw new Error(
75
+ '[SRE] simulateShadowWave() called outside simulate mode. ' +
76
+ 'Set MINDFORGE_SRE_SIMULATE=true to enable SLI simulation, ' +
77
+ 'or implement real metric collection from /api/v1/system.'
78
+ );
79
+ }
72
80
  return {
73
81
  latency: 120 + (Math.random() * 20),
74
82
  error_rate: isFixApplied ? 0.001 : 0.05,
@@ -14,7 +14,7 @@ import {
14
14
  } from '@mindforge/sdk';
15
15
  ```
16
16
 
17
- Current SDK version: `10.0.1`
17
+ Current SDK version: `11.8.1`
18
18
 
19
19
  ---
20
20
 
@@ -93,6 +93,18 @@ Returns `true` if the unified SQLite knowledge database (`celestial.db`) exists
93
93
 
94
94
  Returns the absolute path to the project's `celestial.db` SQLite database file.
95
95
 
96
+ #### `importFromBrowser(sessionData: unknown): Promise<void>`
97
+
98
+ Imports a session snapshot captured from a browser environment into the local session store.
99
+
100
+ > **[NOT IMPLEMENTED — v1.0]** This method always throws. Check `sessionManager.capabilities.importFromBrowser === false` before calling. Use `saveSession`/`loadSession` instead.
101
+
102
+ #### `resolveRemoteNode(nodeId: string): Promise<unknown>`
103
+
104
+ Resolves context for a node residing on a remote EIS (Edge Intelligence Shard) instance.
105
+
106
+ > **[NOT IMPLEMENTED — v1.0]** `resolveRemoteNode(nodeId)` always throws. Cross-node context resolution is local-only in v1.0. Planned for v1.1.
107
+
96
108
  ---
97
109
 
98
110
  ## `MindForgeMemory`
@@ -137,3 +137,12 @@ If the above doesn’t resolve it:
137
137
  - **Architecture**: `docs/architecture/V5-ENTERPRISE.md`
138
138
  - **Commands**: `docs/commands-reference.md`
139
139
  - **Personas**: `docs/PERSONAS.md`
140
+
141
+ ## Agent spawn returns immediately with no action
142
+ `spawn` mode in `bin/spawn-agent.js` exits with an error in v1.0. Real agent dispatch requires Claude Code slash commands. Use `/mindforge:auto` or `/mindforge:next` to dispatch agents.
143
+
144
+ ## `importFromBrowser` crashes
145
+ Browser cookie import from native browser profiles is not implemented in v1.0. Use `saveSession`/`loadSession` instead. Check `sessionManager.capabilities.importFromBrowser` before calling.
146
+
147
+ ## Tests fail when run from a parent directory
148
+ All tests must be run from the MindForge project root: `cd /path/to/MindForge && npm test`. Running from the parent workspace will produce false failures.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "mindforge-cc",
3
- "version": "11.8.0",
3
+ "version": "11.8.2",
4
4
  "description": "MindForge \u2014 Sovereign Agentic Intelligence Framework. Sovereign Stability: Production-Hardened Agentic Intelligence (v11)",
5
5
  "bin": {
6
6
  "mindforge-cc": "bin/install.js",
@@ -1,32 +0,0 @@
1
- ---
2
- description: "Fan-out web research with adversarial claim verification and cited synthesis"
3
- ---
4
- # /mindforge:wf-deep-research
5
-
6
- Runs the **Deep Research** dynamic workflow.
7
-
8
- ## Usage
9
- `/mindforge:wf-deep-research <your research question>`
10
-
11
- ## What it does
12
- - **Scope**: Decomposes your question into 5 independent search angles
13
- - **Search**: 5 parallel web search agents, one per angle (~30s)
14
- - **Fetch**: Deduplicates URLs, fetches top 15 sources, extracts falsifiable claims
15
- - **Verify**: 3-vote adversarial verification per claim — 2/3 refutes kills a claim
16
- - **Synthesize**: Merges confirmed findings, ranks by confidence, cites all sources
17
-
18
- ## Running
19
-
20
- Invoke via Claude Code's Workflow tool:
21
-
22
- ```
23
- Workflow({
24
- scriptPath: ".mindforge/dynamic-workflows/scripts/deep-research.js",
25
- args: "<your input>"
26
- })
27
- ```
28
-
29
- Or discover via CLI:
30
- ```bash
31
- node bin/mindforge-cli.js workflow info deep-research
32
- ```
@@ -1,32 +0,0 @@
1
- ---
2
- description: "Fan-out web research with adversarial claim verification and cited synthesis"
3
- ---
4
- # /mindforge:wf-deep-research
5
-
6
- Runs the **Deep Research** dynamic workflow.
7
-
8
- ## Usage
9
- `/mindforge:wf-deep-research <your research question>`
10
-
11
- ## What it does
12
- - **Scope**: Decomposes your question into 5 independent search angles
13
- - **Search**: 5 parallel web search agents, one per angle (~30s)
14
- - **Fetch**: Deduplicates URLs, fetches top 15 sources, extracts falsifiable claims
15
- - **Verify**: 3-vote adversarial verification per claim — 2/3 refutes kills a claim
16
- - **Synthesize**: Merges confirmed findings, ranks by confidence, cites all sources
17
-
18
- ## Running
19
-
20
- Invoke via Claude Code's Workflow tool:
21
-
22
- ```
23
- Workflow({
24
- scriptPath: ".mindforge/dynamic-workflows/scripts/deep-research.js",
25
- args: "<your input>"
26
- })
27
- ```
28
-
29
- Or discover via CLI:
30
- ```bash
31
- node bin/mindforge-cli.js workflow info deep-research
32
- ```