Files
wehub-resource-sync 23f7624596
ADR-166 MCP Bridge Security Lock / Static-source security lock (push) Failing after 0s
ADR-166 MCP Bridge Security Lock / Compose default binds loopback + Mongo has auth (push) Failing after 2s
CodeQL Advanced / Analyze (rust) (push) Failing after 0s
ADR-166 MCP Bridge Security Lock / plugin-agent-federation bindHost default (push) Failing after 1s
ADR-166 MCP Bridge Security Lock / Runtime behavior — 401 + terminal gate + fail-closed (push) Failing after 4s
business-pods-smoke / smoke (push) Failing after 1s
all-plugins-smoke / smoke-all (push) Failing after 2s
CI/CD Pipeline / Security & Code Quality (push) Failing after 1s
CI/CD Pipeline / Test Suite (ubuntu-latest) (push) Failing after 1s
CI/CD Pipeline / Build & Package (macos-latest) (push) Has been skipped
CI/CD Pipeline / Build & Package (ubuntu-latest) (push) Has been skipped
CI/CD Pipeline / Build & Package (windows-latest) (push) Has been skipped
CI/CD Pipeline / Documentation & Examples (push) Failing after 1s
Clone Tracker (14-day rolling) / Snapshot clones for ruflo ecosystem (push) Failing after 1s
CodeQL Advanced / Analyze (actions) (push) Failing after 1s
CodeQL Advanced / Analyze (javascript-typescript) (push) Failing after 1s
federation-peer-rust / stable-noop (push) Failing after 1s
metaharness-ci / score (push) Failing after 1s
metaharness-ci / router-compat (push) Failing after 0s
metaharness-ci / similarity-tests (push) Failing after 0s
no-agentbbs-smoke / smoke-without-agentbbs (push) Failing after 1s
V3 CI/CD Pipeline / Build V3 (windows-latest) (push) Has been skipped
codex-integration-audit / Codex integration audit (push) Failing after 1s
helpers-manifest-guard / guard (push) Failing after 1s
🔗 Cross-Agent Integration Tests / 🤝 Agent Coordination Tests (push) Has been skipped
🔗 Cross-Agent Integration Tests / 🧠 Memory Sharing Integration (push) Has been skipped
🔗 Cross-Agent Integration Tests / 🛡️ Fault Tolerance Tests (push) Has been skipped
🔗 Cross-Agent Integration Tests / ⚡ Performance Integration Tests (push) Has been skipped
metaharness-ci / mcp-scan (push) Failing after 1s
metaharness-ci / eject-dryrun (push) Failing after 1s
metaharness-ci / metaharness-real-data (push) Failing after 0s
no-cli-optdep-bloat-2561 / guard (push) Failing after 1s
no-metaharness-smoke / smoke-without-metaharness (push) Failing after 1s
no-phantom-agentic-flow-subpath / guard (push) Failing after 1s
🔄 Automated Rollback Manager / 🚨 Failure Detection (push) Failing after 1s
V3 CI/CD Pipeline / Plugin hooks smoke / ubuntu-latest / Node 22 (push) Failing after 1s
V3 CI/CD Pipeline / ruflo-graph-intelligence build + test smoke (#2044, ADR-123) (push) Failing after 1s
CVE Audit Gate / Audit root (critical-blocking) (push) Failing after 2s
cost-tracker-smoke / smoke (push) Failing after 3s
oia-audit-weekly / audit (push) Failing after 2s
ruflo-agent-smoke / ruflo-agent structural smoke (push) Failing after 1s
📊 Status Badges Update / 📊 Update Status Badges (push) Failing after 1s
V3 CI/CD Pipeline / Static regression guards (#2267 YAML + (push) Failing after 1s
V3 CI/CD Pipeline / Test V3 Packages (push) Failing after 0s
V3 CI/CD Pipeline / agent_execute provider routing smoke (#2042) (push) Failing after 0s
CVE Audit Gate / Audit v3 (critical-blocking) (push) Failing after 1s
federation-peer-rust / stable-native (push) Failing after 2s
🔗 Cross-Agent Integration Tests / 🚀 Integration Test Setup (push) Failing after 2s
neural-trader-smoke / runtime-smoke (push) Failing after 1s
V3 CI/CD Pipeline / Build V3 (macos-latest) (push) Has been skipped
V3 CI/CD Pipeline / Build V3 (ubuntu-latest) (push) Has been skipped
V3 CI/CD Pipeline / Type Check V3 (push) Failing after 1s
V3 CI/CD Pipeline / Smoke (no better-sqlite3) / ubuntu-latest / Node 24 (push) Failing after 1s
V3 CI/CD Pipeline / Smoke (no better-sqlite3) / ubuntu-latest / Node 22 (push) Failing after 2s
V3 CI/CD Pipeline / browser rvf create flag smoke (#2015) (push) Failing after 0s
V3 CI/CD Pipeline / Dependency review (#2046) (push) Has been skipped
V3 CI/CD Pipeline / Supply-chain audit (#2046) (push) Failing after 0s
V3 CI/CD Pipeline / witness marker drift smoke (#2021) (push) Failing after 1s
V3 CI/CD Pipeline / neural-trader portfolio CG smoke (#2068, ADR-126 Phase 3) (push) Failing after 1s
V3 CI/CD Pipeline / neural-trader backtest signing smoke (#2068, ADR-126 Phase 4) (push) Failing after 1s
V3 CI/CD Pipeline / kg-extract type-import classification smoke (#2049) (push) Failing after 0s
V3 CI/CD Pipeline / witness verify precondition smoke (#1880) (push) Failing after 2s
V3 CI/CD Pipeline / neural-trader pipeline risk-gate smoke (#2068, ADR-126 Phase 5) (push) Failing after 0s
V3 CI/CD Pipeline / neural-trader feature attribution smoke (#2068, ADR-126 Phase 6) (push) Failing after 0s
V3 CI/CD Pipeline / plugin-registry signature verification smoke (#1922, CWE-347) (push) Failing after 4s
V3 CI/CD Pipeline / memory stats legacy-DB smoke (#2120) (push) Failing after 4s
V3 CI/CD Pipeline / github deprecated actions smoke (#2089, ADR-127 Phase 3) (push) Failing after 1s
V3 CI/CD Pipeline / graph query + pathfinder smoke (ADR-130 P2+P5) (push) Has been skipped
V3 CI/CD Pipeline / graph trajectory hooks smoke (ADR-130 P3) (push) Has been skipped
V3 CI/CD Pipeline / graph plugin adapter smoke (ADR-130 P4) (push) Has been skipped
V3 CI/CD Pipeline / graph benchmark (ADR-130 P6) (push) Has been skipped
V3 CI/CD Pipeline / statusline generator delegation smoke (#2195) (push) Failing after 1s
V3 CI/CD Pipeline / wizard init regression guard (#2206 (push) Failing after 1s
V3 CI/CD Pipeline / memory no-stray-db smoke (ADR-125 P7) (push) Failing after 1s
V3 CI/CD Pipeline / github-safe injection smoke (#2089, ADR-127 Phase 1) (push) Failing after 1s
V3 CI/CD Pipeline / github actions pin smoke (#2089, ADR-127 Phase 1) (push) Failing after 1s
V3 CI/CD Pipeline / github attribution opt-in smoke (#2089, ADR-127 Phase 4) (push) Failing after 1s
V3 CI/CD Pipeline / pre-bash hook safety smoke (#2017) (push) Failing after 1s
V3 CI/CD Pipeline / Memory import smoke / ubuntu-latest (push) Failing after 0s
V3 CI/CD Pipeline / MCP protocol smoke / ubuntu-latest (push) Failing after 2s
V3 CI/CD Pipeline / ruvllm WASM auto-init smoke (#2086) (push) Failing after 4s
V3 CI/CD Pipeline / MCP paired-tool round-trip smoke (#1889) (push) Failing after 1s
V3 CI/CD Pipeline / Plugin package install-safety (#1902/#1903/#1904) (push) Failing after 1s
V3 CI/CD Pipeline / Tool description discoverability (ADR-112) (push) Failing after 3s
V3 CI/CD Pipeline / CLI npx-install smoke (#1147 / (22) (push) Failing after 1s
V3 CI/CD Pipeline / CLI npx-install smoke (#1147 / (24) (push) Failing after 1s
V3 CI/CD Pipeline / Windows hook shim smoke (#2132) / ubuntu-latest (push) Failing after 2s
V3 CI/CD Pipeline / Windows hook execution smoke (#2132) / ubuntu-latest (push) Failing after 1s
V3 CI/CD Pipeline / Windows init hooks smoke (#2132) / ubuntu-latest (push) Failing after 1s
V3 CI/CD Pipeline / Vector-index dimension audit (#1947) (push) Failing after 0s
V3 CI/CD Pipeline / Hook-command install safety (#1921) (push) Failing after 1s
V3 CI/CD Pipeline / ToolOutputGuardrail smoke (ADR-131, (push) Failing after 1s
V3 CI/CD Pipeline / init-bundle invariants smoke (#2095, ADR-128 Phase 5) (push) Failing after 1s
V3 CI/CD Pipeline / wasm provider bridge smoke (ADR-129 P1) (push) Failing after 2s
V3 CI/CD Pipeline / wasm gallery CRUD smoke (ADR-129 P3) (push) Failing after 1s
V3 CI/CD Pipeline / wasm plugin bridge smoke (ADR-129 P4) (push) Failing after 0s
V3 CI/CD Pipeline / wasm compose smoke (ADR-129 P2) (push) Failing after 4s
V3 CI/CD Pipeline / graph schema smoke (ADR-130 P1) (push) Failing after 0s
Validate Marketplace / validate (push) Failing after 1s
🔍 Verification Pipeline / 🚀 Setup Verification (push) Failing after 1s
🔍 Verification Pipeline / 🛡️ Security Verification (push) Has been skipped
🔍 Verification Pipeline / 📝 Code Quality (push) Has been skipped
🔍 Verification Pipeline / 🧪 Test Verification (${{ matrix.os }}, Node ${{ matrix.node }}) (push) Has been skipped
🔍 Verification Pipeline / 🏗️ Build Verification (push) Has been skipped
🔍 Verification Pipeline / 📚 Documentation Verification (push) Has been skipped
CVE Audit Gate / High-severity report (warn only) (push) Has been cancelled
🔄 Automated Rollback Manager / 🔄 Execute Rollback (push) Has been cancelled
🔄 Automated Rollback Manager / ✅ Post-Rollback Verification (push) Has been cancelled
🔄 Automated Rollback Manager / 📊 Rollback Monitoring (push) Has been cancelled
V3 CI/CD Pipeline / Windows init hooks smoke (#2132) / windows-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook execution smoke (#2132) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook execution smoke (#2132) / windows-latest (push) Has been cancelled
🔄 Automated Rollback Manager / ⏳ Manual Rollback Approval (push) Has been cancelled
V3 CI/CD Pipeline / MCP protocol smoke / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Memory import smoke / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook shim smoke (#2132) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook shim smoke (#2132) / windows-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows init hooks smoke (#2132) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Witness verify (signed manifest) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Witness verify (signed manifest) / ubuntu-latest (push) Has been cancelled
V3 CI/CD Pipeline / Witness verify (signed manifest) / windows-latest (push) Has been cancelled
V3 CI/CD Pipeline / Publish to npm (alpha) (push) Has been cancelled
V3 CI/CD Pipeline / Smoke (no better-sqlite3) / macos-latest / Node 22 (push) Has been cancelled
V3 CI/CD Pipeline / Plugin hooks smoke / macos-latest / Node 22 (push) Has been cancelled
CI/CD Pipeline / Deploy & Release (push) Has been cancelled
CI/CD Pipeline / CI Status (push) Has been cancelled
🔗 Cross-Agent Integration Tests / 📊 Integration Test Report (push) Has been cancelled
🔄 Automated Rollback Manager / 🔍 Pre-Rollback Validation (push) Has been cancelled
🔍 Verification Pipeline / ⚡ Performance Verification (push) Has been cancelled
🔍 Verification Pipeline / 📊 Verification Report (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:02:19 +08:00

9.2 KiB

Knowledge Management Guide

Three modules handle how the system knows what it knows — and how certain it is about it:

  • UncertaintyLedger — Probabilistic belief tracking with confidence intervals
  • TemporalStore — Bitemporal assertions with validity windows
  • TruthAnchors — Immutable externally-signed facts

When to Use Each

Need Module
"How confident are we that X is true?" UncertaintyLedger
"What was true at time T?" / "When does X expire?" TemporalStore
"This fact must never be contradicted by an agent" TruthAnchors

Uncertainty Ledger

Creating Beliefs

Every piece of knowledge carries explicit uncertainty metadata:

import { createUncertaintyLedger } from '@claude-flow/guidance/uncertainty';

const ledger = createUncertaintyLedger({
  defaultConfidence: { low: 0.3, mid: 0.5, high: 0.7 },
  decayRatePerHour: 0.01, // Confidence decays 1% per hour
});

// Assert a belief with evidence
const id = ledger.assert('auth', 'Login uses bcrypt for password hashing', {
  confidence: { low: 0.75, mid: 0.88, high: 0.95 },
  evidence: [
    'Found bcrypt import in src/auth.ts line 5',
    'Password comparison uses bcrypt.compare()',
  ],
  tags: ['security', 'authentication'],
});

Belief Lifecycle

Beliefs flow through states based on evidence:

confirmed → probable → uncertain → contested → refuted
// Add supporting evidence — confidence increases
ledger.addEvidence(id, {
  supporting: true,
  description: 'Integration test verifies bcrypt output format',
  weight: 0.8,
});

// Add opposing evidence — confidence decreases
ledger.addEvidence(id, {
  supporting: false,
  description: 'Found SHA-256 fallback path in legacy code',
  weight: 0.6,
});

const belief = ledger.get(id);
// belief.status: 'probable' (recomputed from all evidence)
// belief.confidence: { low: 0.65, mid: 0.78, high: 0.90 }

Inference Chains

Beliefs can depend on other beliefs. Child confidence is bounded by parent:

const parentId = ledger.assert('system', 'Auth service is running', {
  confidence: { low: 0.9, mid: 0.95, high: 0.99 },
});

const childId = ledger.assert('system', 'Login endpoint accepts requests', {
  confidence: { low: 0.85, mid: 0.92, high: 0.97 },
  parentId: parentId, // Depends on auth service running
});

// If parent confidence drops, child is bounded:
ledger.addEvidence(parentId, {
  supporting: false,
  description: 'Health check failed',
  weight: 0.9,
});
// Child confidence is now capped by parent's reduced confidence

Querying

// All beliefs in a namespace
const authBeliefs = ledger.query({ namespace: 'auth' });

// Only contested beliefs
const contested = ledger.query({ status: 'contested' });

// Beliefs below a confidence threshold
const uncertain = ledger.query({ maxConfidence: 0.5 });

// Beliefs with specific tags
const security = ledger.query({ tags: ['security'] });

Aggregation

import { createUncertaintyAggregator } from '@claude-flow/guidance/uncertainty';

const agg = createUncertaintyAggregator(ledger);

// Geometric mean confidence across a set of beliefs
const avgConf = agg.aggregateConfidence(['belief-1', 'belief-2', 'belief-3']);

// Worst-case confidence (lowest in the set)
const worst = agg.worstCase(['belief-1', 'belief-2']);

// Are any beliefs contested?
const hasContested = agg.hasContested(['belief-1', 'belief-2', 'belief-3']);

Temporal Store

The Problem

Knowledge changes over time. The database host was postgres-1 last week but is postgres-2 now. An API was v2 until yesterday; now it's v3. Simple key-value storage loses this history.

Bitemporal Model

Every assertion has two time dimensions:

  1. Assertion time — when the fact was recorded in the system
  2. Validity time — when the fact is true in the real world
import { createTemporalStore, createTemporalReasoner } from '@claude-flow/guidance/temporal';

const store = createTemporalStore();

// Assert: db-host is postgres-1 from Jan 1 to Jan 15
store.assert('config', 'db-host', 'postgres-1.internal', {
  validFrom: new Date('2026-01-01').getTime(),
  validUntil: new Date('2026-01-15').getTime(),
});

// Assert: db-host is postgres-2 from Jan 15 onwards
store.assert('config', 'db-host', 'postgres-2.internal', {
  validFrom: new Date('2026-01-15').getTime(),
  validUntil: null, // No end date — currently valid
});

Querying by Time

const reasoner = createTemporalReasoner(store);

// What's true right now?
const current = reasoner.whatIsTrue('config');
// [{ key: 'db-host', value: 'postgres-2.internal', ... }]

// What was true on Jan 10?
const past = reasoner.whatWasTrue('config', new Date('2026-01-10').getTime());
// [{ key: 'db-host', value: 'postgres-1.internal', ... }]

// What will be true on Feb 1?
const future = reasoner.whatWillBeTrue('config', new Date('2026-02-01').getTime());
// [{ key: 'db-host', value: 'postgres-2.internal', ... }]

Supersession

When a new fact replaces an old one, the old one is preserved but marked as superseded:

const oldId = store.assert('api', 'version', 'v2', {
  validFrom: new Date('2025-06-01').getTime(),
});

const newId = store.assert('api', 'version', 'v3', {
  validFrom: new Date('2026-01-01').getTime(),
  supersedes: oldId, // Explicitly links to the old assertion
});

// Old assertion is still queryable for historical analysis
// but its status is now 'superseded'

Retraction

Soft-delete that preserves history:

store.retract(assertionId);
// The assertion is marked retracted but not deleted
// Historical queries still return it with status 'retracted'

Conflict Detection

const conflicts = reasoner.findConflicts('config');
// Returns pairs of assertions that are both active for the same key at the same time

const changes = reasoner.changesSince('config', lastCheckTimestamp);
// Returns all assertions created or retracted since the given time

Truth Anchors

The Problem

Internal beliefs can be wrong. Agents can reason themselves into incorrect conclusions. Some facts need to be pinned by an external authority and never overridden.

Creating Anchors

import { createTruthAnchorStore, createTruthResolver } from '@claude-flow/guidance/truth-anchors';

const store = createTruthAnchorStore('anchor-signing-key');

// Human pins a fact
store.create({
  kind: 'human',
  claim: 'Production database is read-only for all agents',
  attester: 'ops-team@company.com',
  tags: ['production', 'database', 'policy'],
});

// External system pins a fact
store.create({
  kind: 'sensor',
  claim: 'API rate limit is 1000 requests per minute',
  attester: 'api-gateway-monitor',
  tags: ['api', 'rate-limit'],
});

// Regulatory requirement
store.create({
  kind: 'authority',
  claim: 'PII must not be stored in agent memory',
  attester: 'compliance-officer',
  tags: ['compliance', 'pii', 'gdpr'],
});

Anchor Properties

  • Immutable — Once created, an anchor cannot be modified
  • Signed — HMAC-SHA256 signature over the claim
  • Append-only — The store only grows (max 50,000 with LRU eviction of expired-only)
  • Verifiable — Any anchor's signature can be independently verified

Resolving Conflicts

When an agent's belief contradicts a truth anchor, the anchor wins:

const resolver = createTruthResolver(store);

// Agent believes it can write to production DB
const resolution = resolver.resolveMemoryConflict(
  'db-access',
  'Agent can write to production database'
);
// resolution.anchorWins: true
// resolution.anchor: the 'read-only' anchor
// resolution.recommendation: 'Override agent belief with truth anchor'

Topic-Based Ground Truth

// Get all anchors relevant to a topic
const dbAnchors = resolver.getGroundTruth('database');
// Fuzzy matches on tags: finds anchors tagged 'database', 'db', etc.

const complianceAnchors = resolver.getGroundTruth('gdpr compliance');
// Finds anchors tagged 'compliance', 'gdpr', 'pii'

Verification

// Verify a single anchor's signature
const valid = store.verify(anchorId);

// Verify all anchors in the store
const report = store.verifyAll();
// report.valid: number of valid anchors
// report.invalid: number with broken signatures
// report.details: per-anchor verification results

Using All Three Together

// 1. Pin critical facts with truth anchors
anchors.create({
  kind: 'human',
  claim: 'Max agent budget is $5.00 per session',
  attester: 'admin',
  tags: ['budget'],
});

// 2. Track beliefs with uncertainty
const beliefId = uncertainty.assert('costs', 'Current session cost is $2.30', {
  confidence: { low: 0.95, mid: 0.98, high: 1.0 },
  evidence: ['Token counter reports 23,000 tokens at $0.01/1k'],
});

// 3. Record temporal validity
temporal.assert('costs', 'session-budget-remaining', '$2.70', {
  validFrom: Date.now(),
  validUntil: Date.now() + 3600_000, // Valid for this session
});

// 4. Before any spending decision, check all three:
const anchor = resolver.getGroundTruth('budget');
// anchor says: max $5.00

const belief = uncertainty.get(beliefId);
// belief says: ~$2.30 spent (98% confidence)

const currentBudget = reasoner.whatIsTrue('costs');
// temporal says: $2.70 remaining

// If belief contradicts anchor, anchor wins