Files
wehub-resource-sync 23f7624596
ADR-166 MCP Bridge Security Lock / Static-source security lock (push) Failing after 0s
ADR-166 MCP Bridge Security Lock / Compose default binds loopback + Mongo has auth (push) Failing after 2s
CodeQL Advanced / Analyze (rust) (push) Failing after 0s
ADR-166 MCP Bridge Security Lock / plugin-agent-federation bindHost default (push) Failing after 1s
ADR-166 MCP Bridge Security Lock / Runtime behavior — 401 + terminal gate + fail-closed (push) Failing after 4s
business-pods-smoke / smoke (push) Failing after 1s
all-plugins-smoke / smoke-all (push) Failing after 2s
CI/CD Pipeline / Security & Code Quality (push) Failing after 1s
CI/CD Pipeline / Test Suite (ubuntu-latest) (push) Failing after 1s
CI/CD Pipeline / Build & Package (macos-latest) (push) Has been skipped
CI/CD Pipeline / Build & Package (ubuntu-latest) (push) Has been skipped
CI/CD Pipeline / Build & Package (windows-latest) (push) Has been skipped
CI/CD Pipeline / Documentation & Examples (push) Failing after 1s
Clone Tracker (14-day rolling) / Snapshot clones for ruflo ecosystem (push) Failing after 1s
CodeQL Advanced / Analyze (actions) (push) Failing after 1s
CodeQL Advanced / Analyze (javascript-typescript) (push) Failing after 1s
federation-peer-rust / stable-noop (push) Failing after 1s
metaharness-ci / score (push) Failing after 1s
metaharness-ci / router-compat (push) Failing after 0s
metaharness-ci / similarity-tests (push) Failing after 0s
no-agentbbs-smoke / smoke-without-agentbbs (push) Failing after 1s
V3 CI/CD Pipeline / Build V3 (windows-latest) (push) Has been skipped
codex-integration-audit / Codex integration audit (push) Failing after 1s
helpers-manifest-guard / guard (push) Failing after 1s
🔗 Cross-Agent Integration Tests / 🤝 Agent Coordination Tests (push) Has been skipped
🔗 Cross-Agent Integration Tests / 🧠 Memory Sharing Integration (push) Has been skipped
🔗 Cross-Agent Integration Tests / 🛡️ Fault Tolerance Tests (push) Has been skipped
🔗 Cross-Agent Integration Tests / ⚡ Performance Integration Tests (push) Has been skipped
metaharness-ci / mcp-scan (push) Failing after 1s
metaharness-ci / eject-dryrun (push) Failing after 1s
metaharness-ci / metaharness-real-data (push) Failing after 0s
no-cli-optdep-bloat-2561 / guard (push) Failing after 1s
no-metaharness-smoke / smoke-without-metaharness (push) Failing after 1s
no-phantom-agentic-flow-subpath / guard (push) Failing after 1s
🔄 Automated Rollback Manager / 🚨 Failure Detection (push) Failing after 1s
V3 CI/CD Pipeline / Plugin hooks smoke / ubuntu-latest / Node 22 (push) Failing after 1s
V3 CI/CD Pipeline / ruflo-graph-intelligence build + test smoke (#2044, ADR-123) (push) Failing after 1s
CVE Audit Gate / Audit root (critical-blocking) (push) Failing after 2s
cost-tracker-smoke / smoke (push) Failing after 3s
oia-audit-weekly / audit (push) Failing after 2s
ruflo-agent-smoke / ruflo-agent structural smoke (push) Failing after 1s
📊 Status Badges Update / 📊 Update Status Badges (push) Failing after 1s
V3 CI/CD Pipeline / Static regression guards (#2267 YAML + (push) Failing after 1s
V3 CI/CD Pipeline / Test V3 Packages (push) Failing after 0s
V3 CI/CD Pipeline / agent_execute provider routing smoke (#2042) (push) Failing after 0s
CVE Audit Gate / Audit v3 (critical-blocking) (push) Failing after 1s
federation-peer-rust / stable-native (push) Failing after 2s
🔗 Cross-Agent Integration Tests / 🚀 Integration Test Setup (push) Failing after 2s
neural-trader-smoke / runtime-smoke (push) Failing after 1s
V3 CI/CD Pipeline / Build V3 (macos-latest) (push) Has been skipped
V3 CI/CD Pipeline / Build V3 (ubuntu-latest) (push) Has been skipped
V3 CI/CD Pipeline / Type Check V3 (push) Failing after 1s
V3 CI/CD Pipeline / Smoke (no better-sqlite3) / ubuntu-latest / Node 24 (push) Failing after 1s
V3 CI/CD Pipeline / Smoke (no better-sqlite3) / ubuntu-latest / Node 22 (push) Failing after 2s
V3 CI/CD Pipeline / browser rvf create flag smoke (#2015) (push) Failing after 0s
V3 CI/CD Pipeline / Dependency review (#2046) (push) Has been skipped
V3 CI/CD Pipeline / Supply-chain audit (#2046) (push) Failing after 0s
V3 CI/CD Pipeline / witness marker drift smoke (#2021) (push) Failing after 1s
V3 CI/CD Pipeline / neural-trader portfolio CG smoke (#2068, ADR-126 Phase 3) (push) Failing after 1s
V3 CI/CD Pipeline / neural-trader backtest signing smoke (#2068, ADR-126 Phase 4) (push) Failing after 1s
V3 CI/CD Pipeline / kg-extract type-import classification smoke (#2049) (push) Failing after 0s
V3 CI/CD Pipeline / witness verify precondition smoke (#1880) (push) Failing after 2s
V3 CI/CD Pipeline / neural-trader pipeline risk-gate smoke (#2068, ADR-126 Phase 5) (push) Failing after 0s
V3 CI/CD Pipeline / neural-trader feature attribution smoke (#2068, ADR-126 Phase 6) (push) Failing after 0s
V3 CI/CD Pipeline / plugin-registry signature verification smoke (#1922, CWE-347) (push) Failing after 4s
V3 CI/CD Pipeline / memory stats legacy-DB smoke (#2120) (push) Failing after 4s
V3 CI/CD Pipeline / github deprecated actions smoke (#2089, ADR-127 Phase 3) (push) Failing after 1s
V3 CI/CD Pipeline / graph query + pathfinder smoke (ADR-130 P2+P5) (push) Has been skipped
V3 CI/CD Pipeline / graph trajectory hooks smoke (ADR-130 P3) (push) Has been skipped
V3 CI/CD Pipeline / graph plugin adapter smoke (ADR-130 P4) (push) Has been skipped
V3 CI/CD Pipeline / graph benchmark (ADR-130 P6) (push) Has been skipped
V3 CI/CD Pipeline / statusline generator delegation smoke (#2195) (push) Failing after 1s
V3 CI/CD Pipeline / wizard init regression guard (#2206 (push) Failing after 1s
V3 CI/CD Pipeline / memory no-stray-db smoke (ADR-125 P7) (push) Failing after 1s
V3 CI/CD Pipeline / github-safe injection smoke (#2089, ADR-127 Phase 1) (push) Failing after 1s
V3 CI/CD Pipeline / github actions pin smoke (#2089, ADR-127 Phase 1) (push) Failing after 1s
V3 CI/CD Pipeline / github attribution opt-in smoke (#2089, ADR-127 Phase 4) (push) Failing after 1s
V3 CI/CD Pipeline / pre-bash hook safety smoke (#2017) (push) Failing after 1s
V3 CI/CD Pipeline / Memory import smoke / ubuntu-latest (push) Failing after 0s
V3 CI/CD Pipeline / MCP protocol smoke / ubuntu-latest (push) Failing after 2s
V3 CI/CD Pipeline / ruvllm WASM auto-init smoke (#2086) (push) Failing after 4s
V3 CI/CD Pipeline / MCP paired-tool round-trip smoke (#1889) (push) Failing after 1s
V3 CI/CD Pipeline / Plugin package install-safety (#1902/#1903/#1904) (push) Failing after 1s
V3 CI/CD Pipeline / Tool description discoverability (ADR-112) (push) Failing after 3s
V3 CI/CD Pipeline / CLI npx-install smoke (#1147 / (22) (push) Failing after 1s
V3 CI/CD Pipeline / CLI npx-install smoke (#1147 / (24) (push) Failing after 1s
V3 CI/CD Pipeline / Windows hook shim smoke (#2132) / ubuntu-latest (push) Failing after 2s
V3 CI/CD Pipeline / Windows hook execution smoke (#2132) / ubuntu-latest (push) Failing after 1s
V3 CI/CD Pipeline / Windows init hooks smoke (#2132) / ubuntu-latest (push) Failing after 1s
V3 CI/CD Pipeline / Vector-index dimension audit (#1947) (push) Failing after 0s
V3 CI/CD Pipeline / Hook-command install safety (#1921) (push) Failing after 1s
V3 CI/CD Pipeline / ToolOutputGuardrail smoke (ADR-131, (push) Failing after 1s
V3 CI/CD Pipeline / init-bundle invariants smoke (#2095, ADR-128 Phase 5) (push) Failing after 1s
V3 CI/CD Pipeline / wasm provider bridge smoke (ADR-129 P1) (push) Failing after 2s
V3 CI/CD Pipeline / wasm gallery CRUD smoke (ADR-129 P3) (push) Failing after 1s
V3 CI/CD Pipeline / wasm plugin bridge smoke (ADR-129 P4) (push) Failing after 0s
V3 CI/CD Pipeline / wasm compose smoke (ADR-129 P2) (push) Failing after 4s
V3 CI/CD Pipeline / graph schema smoke (ADR-130 P1) (push) Failing after 0s
Validate Marketplace / validate (push) Failing after 1s
🔍 Verification Pipeline / 🚀 Setup Verification (push) Failing after 1s
🔍 Verification Pipeline / 🛡️ Security Verification (push) Has been skipped
🔍 Verification Pipeline / 📝 Code Quality (push) Has been skipped
🔍 Verification Pipeline / 🧪 Test Verification (${{ matrix.os }}, Node ${{ matrix.node }}) (push) Has been skipped
🔍 Verification Pipeline / 🏗️ Build Verification (push) Has been skipped
🔍 Verification Pipeline / 📚 Documentation Verification (push) Has been skipped
CVE Audit Gate / High-severity report (warn only) (push) Has been cancelled
🔄 Automated Rollback Manager / 🔄 Execute Rollback (push) Has been cancelled
🔄 Automated Rollback Manager / ✅ Post-Rollback Verification (push) Has been cancelled
🔄 Automated Rollback Manager / 📊 Rollback Monitoring (push) Has been cancelled
V3 CI/CD Pipeline / Windows init hooks smoke (#2132) / windows-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook execution smoke (#2132) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook execution smoke (#2132) / windows-latest (push) Has been cancelled
🔄 Automated Rollback Manager / ⏳ Manual Rollback Approval (push) Has been cancelled
V3 CI/CD Pipeline / MCP protocol smoke / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Memory import smoke / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook shim smoke (#2132) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook shim smoke (#2132) / windows-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows init hooks smoke (#2132) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Witness verify (signed manifest) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Witness verify (signed manifest) / ubuntu-latest (push) Has been cancelled
V3 CI/CD Pipeline / Witness verify (signed manifest) / windows-latest (push) Has been cancelled
V3 CI/CD Pipeline / Publish to npm (alpha) (push) Has been cancelled
V3 CI/CD Pipeline / Smoke (no better-sqlite3) / macos-latest / Node 22 (push) Has been cancelled
V3 CI/CD Pipeline / Plugin hooks smoke / macos-latest / Node 22 (push) Has been cancelled
CI/CD Pipeline / Deploy & Release (push) Has been cancelled
CI/CD Pipeline / CI Status (push) Has been cancelled
🔗 Cross-Agent Integration Tests / 📊 Integration Test Report (push) Has been cancelled
🔄 Automated Rollback Manager / 🔍 Pre-Rollback Validation (push) Has been cancelled
🔍 Verification Pipeline / ⚡ Performance Verification (push) Has been cancelled
🔍 Verification Pipeline / 📊 Verification Report (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:02:19 +08:00

9.7 KiB

IPFS Plugin Registry Setup Guide

This guide walks through setting up a live IPFS plugin registry using Google Cloud and Pinata.

Prerequisites

  • Google Cloud account with billing enabled
  • Node.js 20+
  • gcloud CLI installed

Step 1: Pinata Setup (IPFS Pinning Service)

1.1 Create Pinata Account

  1. Go to https://pinata.cloud and create an account
  2. Navigate to API Keys section
  3. Create a new API key with these permissions:
    • pinning/pinFileToIPFS: true
    • pinning/pinJSONToIPFS: true
    • pinning/unpin: true

1.2 Save Your Credentials

# Add to your shell profile (~/.zshrc or ~/.bashrc)
export PINATA_JWT="your-jwt-token-here"

1.3 Generate IPNS Key (Optional - for stable addressing)

If you have Pinata's paid plan with Dedicated Gateways:

# Via Pinata dashboard or API
curl -X POST "https://api.pinata.cloud/v3/ipfs/keys" \
  -H "Authorization: Bearer $PINATA_JWT" \
  -H "Content-Type: application/json" \
  -d '{"name": "claude-flow-registry"}'

Step 2: Google Cloud Setup

2.1 Create Project

# Create new project
gcloud projects create claude-flow-registry --name="Claude Flow Registry"

# Set as active project
gcloud config set project claude-flow-registry

# Enable billing (required for Cloud Functions)
gcloud beta billing projects link claude-flow-registry \
  --billing-account=YOUR_BILLING_ACCOUNT_ID

2.2 Enable Required APIs

gcloud services enable \
  cloudfunctions.googleapis.com \
  cloudbuild.googleapis.com \
  storage.googleapis.com \
  secretmanager.googleapis.com

2.3 Create Storage Bucket

# Create bucket for registry source data
gcloud storage buckets create gs://claude-flow-plugin-registry \
  --location=US \
  --uniform-bucket-level-access

# Enable versioning for rollback
gsutil versioning set on gs://claude-flow-plugin-registry

# Make registry.json publicly readable (optional)
gsutil iam ch allUsers:objectViewer gs://claude-flow-plugin-registry

2.4 Create Service Account

# Create service account
gcloud iam service-accounts create plugin-registry-publisher \
  --display-name="Plugin Registry Publisher"

# Grant permissions
gcloud projects add-iam-policy-binding claude-flow-registry \
  --member="serviceAccount:plugin-registry-publisher@claude-flow-registry.iam.gserviceaccount.com" \
  --role="roles/storage.objectAdmin"

gcloud projects add-iam-policy-binding claude-flow-registry \
  --member="serviceAccount:plugin-registry-publisher@claude-flow-registry.iam.gserviceaccount.com" \
  --role="roles/secretmanager.secretAccessor"

2.5 Store Secrets

# Store Pinata JWT
echo -n "$PINATA_JWT" | gcloud secrets create pinata-jwt --data-file=-

# Generate and store Ed25519 signing key
node -e "
const crypto = require('crypto');
const { subtle } = require('crypto').webcrypto;
(async () => {
  const keyPair = await subtle.generateKey(
    { name: 'Ed25519', namedCurve: 'Ed25519' },
    true,
    ['sign', 'verify']
  );
  const privateKey = await subtle.exportKey('pkcs8', keyPair.privateKey);
  const privateKeyHex = Buffer.from(privateKey).toString('hex');
  console.log(privateKeyHex);
})();
" | gcloud secrets create registry-private-key --data-file=-

Step 3: Deploy Cloud Function

3.1 Create Function Directory

mkdir -p cloud-functions/publish-registry
cd cloud-functions/publish-registry

3.2 Create package.json

{
  "name": "publish-registry",
  "version": "1.0.0",
  "main": "index.js",
  "type": "module",
  "dependencies": {
    "@google-cloud/storage": "^7.0.0",
    "@google-cloud/secret-manager": "^5.0.0",
    "@noble/ed25519": "^2.0.0"
  }
}

3.3 Create index.js

import { Storage } from '@google-cloud/storage';
import { SecretManagerServiceClient } from '@google-cloud/secret-manager';
import * as ed from '@noble/ed25519';

const storage = new Storage();
const secretManager = new SecretManagerServiceClient();

async function getSecret(name) {
  const [version] = await secretManager.accessSecretVersion({
    name: `projects/claude-flow-registry/secrets/${name}/versions/latest`,
  });
  return version.payload.data.toString();
}

export async function publishRegistry(req, res) {
  try {
    // Get secrets
    const pinataJwt = await getSecret('pinata-jwt');
    const privateKey = await getSecret('registry-private-key');

    // Fetch registry from GCS
    const bucket = storage.bucket('claude-flow-plugin-registry');
    const file = bucket.file('registry.json');
    const [content] = await file.download();
    const registry = JSON.parse(content.toString());

    // Update timestamp
    registry.updatedAt = new Date().toISOString();

    // Sign registry
    const registryToSign = { ...registry };
    delete registryToSign.registrySignature;
    delete registryToSign.registryPublicKey;

    const message = JSON.stringify(registryToSign);
    const signature = await ed.signAsync(
      new TextEncoder().encode(message),
      Buffer.from(privateKey, 'hex')
    );
    const publicKey = await ed.getPublicKeyAsync(Buffer.from(privateKey, 'hex'));

    registry.registrySignature = Buffer.from(signature).toString('hex');
    registry.registryPublicKey = `ed25519:${Buffer.from(publicKey).toString('hex')}`;

    // Pin to IPFS
    const pinResponse = await fetch('https://api.pinata.cloud/pinning/pinJSONToIPFS', {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json',
        'Authorization': `Bearer ${pinataJwt}`,
      },
      body: JSON.stringify({
        pinataContent: registry,
        pinataMetadata: {
          name: 'claude-flow-plugin-registry',
          keyvalues: {
            version: registry.version,
            updatedAt: registry.updatedAt,
          },
        },
      }),
    });

    if (!pinResponse.ok) {
      throw new Error(`Pinata error: ${await pinResponse.text()}`);
    }

    const pinResult = await pinResponse.json();

    res.json({
      success: true,
      cid: pinResult.IpfsHash,
      updatedAt: registry.updatedAt,
      pluginCount: registry.plugins.length,
      gateways: [
        `https://gateway.pinata.cloud/ipfs/${pinResult.IpfsHash}`,
        `https://ipfs.io/ipfs/${pinResult.IpfsHash}`,
      ],
    });
  } catch (error) {
    console.error('Publish failed:', error);
    res.status(500).json({ error: error.message });
  }
}

3.4 Deploy Function

gcloud functions deploy publish-registry \
  --gen2 \
  --runtime=nodejs20 \
  --region=us-central1 \
  --source=. \
  --entry-point=publishRegistry \
  --trigger-http \
  --allow-unauthenticated \
  --service-account=plugin-registry-publisher@claude-flow-registry.iam.gserviceaccount.com \
  --set-env-vars=GCP_PROJECT=claude-flow-registry

Step 4: Create Initial Registry

4.1 Upload Registry to GCS

# Generate initial registry
npx tsx scripts/publish-registry.ts --dry-run > registry.json

# Upload to GCS
gsutil cp registry.json gs://claude-flow-plugin-registry/registry.json

4.2 Trigger First Publish

# Get function URL
FUNCTION_URL=$(gcloud functions describe publish-registry \
  --gen2 --region=us-central1 --format='value(serviceConfig.uri)')

# Trigger publish
curl -X POST "$FUNCTION_URL"

Step 5: Automate with Cloud Build

5.1 Create cloudbuild.yaml

steps:
  # Update registry from npm stats
  - name: 'node:20'
    entrypoint: 'npx'
    args: ['tsx', 'scripts/publish-registry.ts', '--dry-run']
    dir: 'v3/@claude-flow/cli'

  # Upload to GCS
  - name: 'gcr.io/cloud-builders/gsutil'
    args: ['cp', 'registry.json', 'gs://claude-flow-plugin-registry/registry.json']

  # Trigger Cloud Function
  - name: 'gcr.io/cloud-builders/curl'
    args: ['-X', 'POST', '${_FUNCTION_URL}']

substitutions:
  _FUNCTION_URL: 'https://us-central1-claude-flow-registry.cloudfunctions.net/publish-registry'

# Run daily at 2am UTC
options:
  logging: CLOUD_LOGGING_ONLY

5.2 Create Cloud Scheduler Trigger

gcloud scheduler jobs create http publish-registry-daily \
  --location=us-central1 \
  --schedule="0 2 * * *" \
  --uri="https://us-central1-claude-flow-registry.cloudfunctions.net/publish-registry" \
  --http-method=POST

Step 6: Update Claude Flow CLI

Update DEFAULT_PLUGIN_STORE_CONFIG in discovery.ts:

export const DEFAULT_PLUGIN_STORE_CONFIG: PluginStoreConfig = {
  registries: [
    {
      name: 'claude-flow-official',
      description: 'Official Claude Flow plugin registry',
      // Use the CID from your first publish
      ipnsName: 'YOUR_IPNS_KEY_OR_CID',
      gateway: 'https://gateway.pinata.cloud',
      // Use your public key from the signing step
      publicKey: 'ed25519:YOUR_PUBLIC_KEY',
      trusted: true,
      official: true,
    },
  ],
  // ... rest of config
};

Cost Estimate

Service Free Tier Paid Tier
Pinata 1GB storage, 100 pins $20/mo for 100GB
GCS 5GB free ~$0.02/GB/mo
Cloud Functions 2M invocations free ~$0.40/million
Cloud Scheduler 3 jobs free $0.10/job/mo
Total $0 ~$20/mo

Troubleshooting

IPNS Resolution Fails

  • Ensure the CID is pinned on Pinata
  • Try different gateways (ipfs.io, cloudflare-ipfs.com)
  • IPNS can take 5-10 minutes to propagate

Signature Verification Fails

  • Ensure the public key in config matches the signing key
  • Check that the registry wasn't modified after signing

Cloud Function Errors

  • Check Cloud Logging for detailed errors
  • Verify service account has correct permissions
  • Test secrets access manually

References