Files
ruvnet--ruflo/v3/implementation/adrs/ADR-018-claude-code-integration.md
wehub-resource-sync 23f7624596
ADR-166 MCP Bridge Security Lock / Static-source security lock (push) Failing after 0s
ADR-166 MCP Bridge Security Lock / Compose default binds loopback + Mongo has auth (push) Failing after 2s
CodeQL Advanced / Analyze (rust) (push) Failing after 0s
ADR-166 MCP Bridge Security Lock / plugin-agent-federation bindHost default (push) Failing after 1s
ADR-166 MCP Bridge Security Lock / Runtime behavior — 401 + terminal gate + fail-closed (push) Failing after 4s
business-pods-smoke / smoke (push) Failing after 1s
all-plugins-smoke / smoke-all (push) Failing after 2s
CI/CD Pipeline / Security & Code Quality (push) Failing after 1s
CI/CD Pipeline / Test Suite (ubuntu-latest) (push) Failing after 1s
CI/CD Pipeline / Build & Package (macos-latest) (push) Has been skipped
CI/CD Pipeline / Build & Package (ubuntu-latest) (push) Has been skipped
CI/CD Pipeline / Build & Package (windows-latest) (push) Has been skipped
CI/CD Pipeline / Documentation & Examples (push) Failing after 1s
Clone Tracker (14-day rolling) / Snapshot clones for ruflo ecosystem (push) Failing after 1s
CodeQL Advanced / Analyze (actions) (push) Failing after 1s
CodeQL Advanced / Analyze (javascript-typescript) (push) Failing after 1s
federation-peer-rust / stable-noop (push) Failing after 1s
metaharness-ci / score (push) Failing after 1s
metaharness-ci / router-compat (push) Failing after 0s
metaharness-ci / similarity-tests (push) Failing after 0s
no-agentbbs-smoke / smoke-without-agentbbs (push) Failing after 1s
V3 CI/CD Pipeline / Build V3 (windows-latest) (push) Has been skipped
codex-integration-audit / Codex integration audit (push) Failing after 1s
helpers-manifest-guard / guard (push) Failing after 1s
🔗 Cross-Agent Integration Tests / 🤝 Agent Coordination Tests (push) Has been skipped
🔗 Cross-Agent Integration Tests / 🧠 Memory Sharing Integration (push) Has been skipped
🔗 Cross-Agent Integration Tests / 🛡️ Fault Tolerance Tests (push) Has been skipped
🔗 Cross-Agent Integration Tests / ⚡ Performance Integration Tests (push) Has been skipped
metaharness-ci / mcp-scan (push) Failing after 1s
metaharness-ci / eject-dryrun (push) Failing after 1s
metaharness-ci / metaharness-real-data (push) Failing after 0s
no-cli-optdep-bloat-2561 / guard (push) Failing after 1s
no-metaharness-smoke / smoke-without-metaharness (push) Failing after 1s
no-phantom-agentic-flow-subpath / guard (push) Failing after 1s
🔄 Automated Rollback Manager / 🚨 Failure Detection (push) Failing after 1s
V3 CI/CD Pipeline / Plugin hooks smoke / ubuntu-latest / Node 22 (push) Failing after 1s
V3 CI/CD Pipeline / ruflo-graph-intelligence build + test smoke (#2044, ADR-123) (push) Failing after 1s
CVE Audit Gate / Audit root (critical-blocking) (push) Failing after 2s
cost-tracker-smoke / smoke (push) Failing after 3s
oia-audit-weekly / audit (push) Failing after 2s
ruflo-agent-smoke / ruflo-agent structural smoke (push) Failing after 1s
📊 Status Badges Update / 📊 Update Status Badges (push) Failing after 1s
V3 CI/CD Pipeline / Static regression guards (#2267 YAML + (push) Failing after 1s
V3 CI/CD Pipeline / Test V3 Packages (push) Failing after 0s
V3 CI/CD Pipeline / agent_execute provider routing smoke (#2042) (push) Failing after 0s
CVE Audit Gate / Audit v3 (critical-blocking) (push) Failing after 1s
federation-peer-rust / stable-native (push) Failing after 2s
🔗 Cross-Agent Integration Tests / 🚀 Integration Test Setup (push) Failing after 2s
neural-trader-smoke / runtime-smoke (push) Failing after 1s
V3 CI/CD Pipeline / Build V3 (macos-latest) (push) Has been skipped
V3 CI/CD Pipeline / Build V3 (ubuntu-latest) (push) Has been skipped
V3 CI/CD Pipeline / Type Check V3 (push) Failing after 1s
V3 CI/CD Pipeline / Smoke (no better-sqlite3) / ubuntu-latest / Node 24 (push) Failing after 1s
V3 CI/CD Pipeline / Smoke (no better-sqlite3) / ubuntu-latest / Node 22 (push) Failing after 2s
V3 CI/CD Pipeline / browser rvf create flag smoke (#2015) (push) Failing after 0s
V3 CI/CD Pipeline / Dependency review (#2046) (push) Has been skipped
V3 CI/CD Pipeline / Supply-chain audit (#2046) (push) Failing after 0s
V3 CI/CD Pipeline / witness marker drift smoke (#2021) (push) Failing after 1s
V3 CI/CD Pipeline / neural-trader portfolio CG smoke (#2068, ADR-126 Phase 3) (push) Failing after 1s
V3 CI/CD Pipeline / neural-trader backtest signing smoke (#2068, ADR-126 Phase 4) (push) Failing after 1s
V3 CI/CD Pipeline / kg-extract type-import classification smoke (#2049) (push) Failing after 0s
V3 CI/CD Pipeline / witness verify precondition smoke (#1880) (push) Failing after 2s
V3 CI/CD Pipeline / neural-trader pipeline risk-gate smoke (#2068, ADR-126 Phase 5) (push) Failing after 0s
V3 CI/CD Pipeline / neural-trader feature attribution smoke (#2068, ADR-126 Phase 6) (push) Failing after 0s
V3 CI/CD Pipeline / plugin-registry signature verification smoke (#1922, CWE-347) (push) Failing after 4s
V3 CI/CD Pipeline / memory stats legacy-DB smoke (#2120) (push) Failing after 4s
V3 CI/CD Pipeline / github deprecated actions smoke (#2089, ADR-127 Phase 3) (push) Failing after 1s
V3 CI/CD Pipeline / graph query + pathfinder smoke (ADR-130 P2+P5) (push) Has been skipped
V3 CI/CD Pipeline / graph trajectory hooks smoke (ADR-130 P3) (push) Has been skipped
V3 CI/CD Pipeline / graph plugin adapter smoke (ADR-130 P4) (push) Has been skipped
V3 CI/CD Pipeline / graph benchmark (ADR-130 P6) (push) Has been skipped
V3 CI/CD Pipeline / statusline generator delegation smoke (#2195) (push) Failing after 1s
V3 CI/CD Pipeline / wizard init regression guard (#2206 (push) Failing after 1s
V3 CI/CD Pipeline / memory no-stray-db smoke (ADR-125 P7) (push) Failing after 1s
V3 CI/CD Pipeline / github-safe injection smoke (#2089, ADR-127 Phase 1) (push) Failing after 1s
V3 CI/CD Pipeline / github actions pin smoke (#2089, ADR-127 Phase 1) (push) Failing after 1s
V3 CI/CD Pipeline / github attribution opt-in smoke (#2089, ADR-127 Phase 4) (push) Failing after 1s
V3 CI/CD Pipeline / pre-bash hook safety smoke (#2017) (push) Failing after 1s
V3 CI/CD Pipeline / Memory import smoke / ubuntu-latest (push) Failing after 0s
V3 CI/CD Pipeline / MCP protocol smoke / ubuntu-latest (push) Failing after 2s
V3 CI/CD Pipeline / ruvllm WASM auto-init smoke (#2086) (push) Failing after 4s
V3 CI/CD Pipeline / MCP paired-tool round-trip smoke (#1889) (push) Failing after 1s
V3 CI/CD Pipeline / Plugin package install-safety (#1902/#1903/#1904) (push) Failing after 1s
V3 CI/CD Pipeline / Tool description discoverability (ADR-112) (push) Failing after 3s
V3 CI/CD Pipeline / CLI npx-install smoke (#1147 / (22) (push) Failing after 1s
V3 CI/CD Pipeline / CLI npx-install smoke (#1147 / (24) (push) Failing after 1s
V3 CI/CD Pipeline / Windows hook shim smoke (#2132) / ubuntu-latest (push) Failing after 2s
V3 CI/CD Pipeline / Windows hook execution smoke (#2132) / ubuntu-latest (push) Failing after 1s
V3 CI/CD Pipeline / Windows init hooks smoke (#2132) / ubuntu-latest (push) Failing after 1s
V3 CI/CD Pipeline / Vector-index dimension audit (#1947) (push) Failing after 0s
V3 CI/CD Pipeline / Hook-command install safety (#1921) (push) Failing after 1s
V3 CI/CD Pipeline / ToolOutputGuardrail smoke (ADR-131, (push) Failing after 1s
V3 CI/CD Pipeline / init-bundle invariants smoke (#2095, ADR-128 Phase 5) (push) Failing after 1s
V3 CI/CD Pipeline / wasm provider bridge smoke (ADR-129 P1) (push) Failing after 2s
V3 CI/CD Pipeline / wasm gallery CRUD smoke (ADR-129 P3) (push) Failing after 1s
V3 CI/CD Pipeline / wasm plugin bridge smoke (ADR-129 P4) (push) Failing after 0s
V3 CI/CD Pipeline / wasm compose smoke (ADR-129 P2) (push) Failing after 4s
V3 CI/CD Pipeline / graph schema smoke (ADR-130 P1) (push) Failing after 0s
Validate Marketplace / validate (push) Failing after 1s
🔍 Verification Pipeline / 🚀 Setup Verification (push) Failing after 1s
🔍 Verification Pipeline / 🛡️ Security Verification (push) Has been skipped
🔍 Verification Pipeline / 📝 Code Quality (push) Has been skipped
🔍 Verification Pipeline / 🧪 Test Verification (${{ matrix.os }}, Node ${{ matrix.node }}) (push) Has been skipped
🔍 Verification Pipeline / 🏗️ Build Verification (push) Has been skipped
🔍 Verification Pipeline / 📚 Documentation Verification (push) Has been skipped
CVE Audit Gate / High-severity report (warn only) (push) Has been cancelled
🔄 Automated Rollback Manager / 🔄 Execute Rollback (push) Has been cancelled
🔄 Automated Rollback Manager / ✅ Post-Rollback Verification (push) Has been cancelled
🔄 Automated Rollback Manager / 📊 Rollback Monitoring (push) Has been cancelled
V3 CI/CD Pipeline / Windows init hooks smoke (#2132) / windows-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook execution smoke (#2132) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook execution smoke (#2132) / windows-latest (push) Has been cancelled
🔄 Automated Rollback Manager / ⏳ Manual Rollback Approval (push) Has been cancelled
V3 CI/CD Pipeline / MCP protocol smoke / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Memory import smoke / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook shim smoke (#2132) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook shim smoke (#2132) / windows-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows init hooks smoke (#2132) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Witness verify (signed manifest) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Witness verify (signed manifest) / ubuntu-latest (push) Has been cancelled
V3 CI/CD Pipeline / Witness verify (signed manifest) / windows-latest (push) Has been cancelled
V3 CI/CD Pipeline / Publish to npm (alpha) (push) Has been cancelled
V3 CI/CD Pipeline / Smoke (no better-sqlite3) / macos-latest / Node 22 (push) Has been cancelled
V3 CI/CD Pipeline / Plugin hooks smoke / macos-latest / Node 22 (push) Has been cancelled
CI/CD Pipeline / Deploy & Release (push) Has been cancelled
CI/CD Pipeline / CI Status (push) Has been cancelled
🔗 Cross-Agent Integration Tests / 📊 Integration Test Report (push) Has been cancelled
🔄 Automated Rollback Manager / 🔍 Pre-Rollback Validation (push) Has been cancelled
🔍 Verification Pipeline / ⚡ Performance Verification (push) Has been cancelled
🔍 Verification Pipeline / 📊 Verification Report (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:02:19 +08:00

17 KiB

ADR-018: Claude Code Deep Integration Architecture

Status: Accepted Date: 2026-01-07 Author: System Architecture Designer Version: 1.0.0

Context

The @anthropic-ai/claude-code package (v2.1.1) provides the official CLI for Claude AI. Deep integration with Claude Code enables enhanced developer experience for claude-flow users. This ADR documents undocumented integration points discovered through source code analysis that are not covered in official documentation.

Analysis Methodology

  1. Downloaded and extracted @anthropic-ai/claude-code@2.1.1 to /tmp/package/
  2. Analyzed sdk-tools.d.ts (tool input schemas)
  3. Analyzed cli.js (11MB bundled CLI) for patterns
  4. Searched for environment variables, hook patterns, and configuration schemas

Decision

Implement Claude Code integration as an OPTIONAL peer dependency with graceful fallback, leveraging undocumented APIs where beneficial while maintaining compatibility.


Undocumented Integration Points

1. SDK Tool Input Schemas (sdk-tools.d.ts)

Location: node_modules/@anthropic-ai/claude-code/sdk-tools.d.ts

Claude Code exports complete TypeScript definitions for all tool inputs. These can be used for:

  • Type-safe tool input validation
  • Programmatic tool invocation
  • Building custom integrations
// Tool Input Types Available
export type ToolInputSchemas =
  | AgentInput           // Task tool for spawning agents
  | BashInput            // Shell command execution
  | TaskOutputInput      // Background task output retrieval
  | ExitPlanModeInput    // Plan mode exit
  | FileEditInput        // File editing (Edit tool)
  | FileReadInput        // File reading (Read tool)
  | FileWriteInput       // File writing (Write tool)
  | GlobInput            // File pattern matching
  | GrepInput            // Content search
  | KillShellInput       // Background shell termination
  | ListMcpResourcesInput // MCP resource listing
  | McpInput             // MCP tool invocation
  | NotebookEditInput    // Jupyter notebook editing
  | ReadMcpResourceInput // MCP resource reading
  | TodoWriteInput       // Task tracking
  | WebFetchInput        // Web content fetching
  | WebSearchInput       // Web search
  | AskUserQuestionInput // Interactive prompts
  | ConfigInput;         // Configuration management

Key Interfaces:

// AgentInput - For spawning sub-agents
interface AgentInput {
  description: string;           // 3-5 word task description
  prompt: string;                // Full task prompt
  subagent_type: string;         // Agent type identifier
  model?: "sonnet" | "opus" | "haiku";  // Model selection
  resume?: string;               // Agent ID for resumption
  run_in_background?: boolean;   // Background execution
}

// BashInput - Shell execution
interface BashInput {
  command: string;
  timeout?: number;              // Max 600000ms
  description?: string;          // 5-10 word description
  run_in_background?: boolean;
  dangerouslyDisableSandbox?: boolean;  // UNDOCUMENTED: Bypass sandbox
}

2. Hook System Events

Claude Code supports a comprehensive hook system with these event types:

Event Type Trigger Use Case
PreToolUse Before tool execution Input modification, validation
PostToolUse After tool execution Result processing, logging
UserPromptSubmit User submits prompt Auto-routing, preprocessing
Notification System notifications Alerts, status updates

PreToolUse Hook Contract:

// Input provided to hook (stdin JSON)
interface PreToolUseInput {
  tool_input: {
    command?: string;      // For Bash
    file_path?: string;    // For file operations
    [key: string]: unknown;
  };
  session_id?: string;
  tool_name: string;
}

// Output expected from hook (stdout JSON)
interface PreToolUseOutput {
  tool_input: object;      // Modified input (or original)
  decision?: 'allow' | 'deny' | 'ask';
  reason?: string;
}

Hook Configuration in settings.json:

{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "Bash",
        "hooks": ["npx claude-flow@v3alpha hooks modify-bash"]
      },
      {
        "matcher": "Write|Edit",
        "hooks": ["npx claude-flow@v3alpha hooks modify-file"]
      }
    ],
    "PostToolUse": [
      {
        "matcher": ".*",
        "hooks": ["npx claude-flow@v3alpha hooks post-command"]
      }
    ],
    "UserPromptSubmit": [
      {
        "hooks": ["npx claude-flow@v3alpha hooks route --task \"$PROMPT\""]
      }
    ]
  }
}

3. Environment Variables

Discovered environment variables (beyond official docs):

Variable Purpose Default
CLAUDE_CODE_CONFIG Config file path ~/.claude/settings.json
CLAUDE_CODE_DEBUG Enable debug output false
CLAUDE_CODE_DISABLE_TELEMETRY Disable telemetry false
CLAUDE_CODE_HEADLESS Non-interactive mode false
CLAUDE_CODE_MAX_CONTEXT Max context tokens Model default
CLAUDE_CODE_SANDBOX_MODE Sandbox type auto
CLAUDE_CODE_SKIP_HOOKS Skip hook execution false
CLAUDE_CODE_TIMEOUT Default command timeout 120000
ANTHROPIC_MODEL Override model selection -
ANTHROPIC_BASE_URL API endpoint override https://api.anthropic.com

4. Settings Schema (Undocumented Fields)

Full settings.json schema with undocumented fields:

interface ClaudeCodeSettings {
  // Documented
  apiKey?: string;
  model?: string;

  // UNDOCUMENTED - Permission System
  permissions?: {
    allow?: string[];        // Auto-allow patterns
    deny?: string[];         // Auto-deny patterns
    ask?: string[];          // Always prompt patterns
    allowedTools?: string[]; // Whitelist specific tools
    deniedTools?: string[];  // Blacklist specific tools
  };

  // UNDOCUMENTED - Sandbox Configuration
  sandbox?: {
    mode?: 'strict' | 'permissive' | 'disabled';
    allowedPaths?: string[];
    deniedPaths?: string[];
    networkPolicy?: 'allow' | 'deny' | 'local-only';
  };

  // UNDOCUMENTED - MCP Server Configuration
  mcpServers?: {
    [name: string]: {
      command: string;
      args?: string[];
      env?: Record<string, string>;
      allowlist?: string[];  // Tool whitelist
      denylist?: string[];   // Tool blacklist
      timeout?: number;
    };
  };

  // UNDOCUMENTED - LSP Configuration
  lsp?: {
    enabled?: boolean;
    servers?: {
      [language: string]: {
        command: string;
        args?: string[];
      };
    };
  };

  // UNDOCUMENTED - Plugin System
  plugins?: {
    enabled?: boolean;
    installed?: string[];
    marketplace?: {
      url?: string;
      autoUpdate?: boolean;
    };
  };

  // UNDOCUMENTED - Agent Definitions
  agents?: {
    [name: string]: {
      description: string;
      systemPrompt?: string;
      allowedTools?: string[];
      model?: string;
    };
  };
}

5. MCP Server Allowlist/Denylist Pattern

MCP servers can have per-tool access control:

{
  "mcpServers": {
    "claude-flow": {
      "command": "npx",
      "args": ["claude-flow@v3alpha", "mcp", "start"],
      "allowlist": [
        "swarm_init",
        "agent_spawn",
        "memory_*",
        "task_*"
      ],
      "denylist": [
        "security_*",
        "backup_*"
      ],
      "timeout": 30000
    }
  }
}

6. Plugin/Marketplace System

Claude Code has an undocumented plugin marketplace:

interface PluginManifest {
  name: string;
  version: string;
  description: string;
  author: string;
  repository?: string;

  // Plugin capabilities
  hooks?: {
    PreToolUse?: string[];
    PostToolUse?: string[];
  };

  tools?: {
    name: string;
    description: string;
    inputSchema: object;
    handler: string;  // Path to handler script
  }[];

  agents?: {
    name: string;
    description: string;
    systemPrompt: string;
  }[];
}

7. CLAUDE.md Project Configuration

Project-level configuration supports undocumented sections:

# Project Configuration

## important-instruction-reminders
Custom instructions that override defaults

## agent-definitions
Define custom agents for this project

## mcp-servers
Project-specific MCP server configuration

## permission-overrides
Project-specific permission rules

## hooks
Project-specific hook configuration

Integration Strategies

{
  "peerDependencies": {
    "@anthropic-ai/claude-code": ">=2.0.0"
  },
  "peerDependenciesMeta": {
    "@anthropic-ai/claude-code": {
      "optional": true
    }
  }
}

Why NOT bundle as dependency:

  • Claude Code is 11MB+ bundled
  • Users likely already have it installed globally
  • Avoids version conflicts
  • Respects user's API key configuration

Strategy 2: Detection and Integration Module

// src/claude-code/integration.ts

interface ClaudeCodeStatus {
  installed: boolean;
  version?: string;
  configPath?: string;
  features: {
    hooks: boolean;
    mcp: boolean;
    plugins: boolean;
    lsp: boolean;
  };
}

/**
 * Detect Claude Code installation and capabilities
 */
export async function detectClaudeCode(): Promise<ClaudeCodeStatus> {
  try {
    // Check for global installation
    const { stdout } = await exec('claude --version');
    const version = stdout.match(/\d+\.\d+\.\d+/)?.[0];

    // Check config location
    const configPath = process.env.CLAUDE_CODE_CONFIG ||
      path.join(os.homedir(), '.claude', 'settings.json');

    return {
      installed: true,
      version,
      configPath: fs.existsSync(configPath) ? configPath : undefined,
      features: {
        hooks: version ? semver.gte(version, '2.0.0') : false,
        mcp: version ? semver.gte(version, '1.5.0') : false,
        plugins: version ? semver.gte(version, '2.1.0') : false,
        lsp: version ? semver.gte(version, '2.0.0') : false,
      }
    };
  } catch {
    return {
      installed: false,
      features: { hooks: false, mcp: false, plugins: false, lsp: false }
    };
  }
}

/**
 * Configure Claude Code integration
 */
export async function configureIntegration(options: {
  enableHooks?: boolean;
  enableMcp?: boolean;
  mcpServerName?: string;
}): Promise<void> {
  const status = await detectClaudeCode();
  if (!status.installed) {
    throw new Error('Claude Code not installed. Run: npm install -g @anthropic-ai/claude-code');
  }

  // Add MCP server if requested
  if (options.enableMcp && status.configPath) {
    await exec(`claude mcp add ${options.mcpServerName || 'claude-flow'} npx claude-flow@v3alpha mcp start`);
  }
}

Strategy 3: Hook Installation

// src/claude-code/hooks.ts

/**
 * Install claude-flow hooks into Claude Code settings
 */
export async function installHooks(): Promise<void> {
  const status = await detectClaudeCode();
  if (!status.features.hooks) {
    throw new Error('Claude Code version does not support hooks');
  }

  const settingsPath = status.configPath!;
  const settings = JSON.parse(fs.readFileSync(settingsPath, 'utf-8'));

  // Add PreToolUse hooks
  settings.hooks = settings.hooks || {};
  settings.hooks.PreToolUse = settings.hooks.PreToolUse || [];

  // Add modify-bash hook if not present
  const bashHook = settings.hooks.PreToolUse.find(
    (h: any) => h.matcher === 'Bash'
  );
  if (!bashHook) {
    settings.hooks.PreToolUse.push({
      matcher: 'Bash',
      hooks: ['npx claude-flow@v3alpha hooks modify-bash']
    });
  }

  fs.writeFileSync(settingsPath, JSON.stringify(settings, null, 2));
}

CLI Integration Commands

claude-flow setup claude-code

# Auto-detect and configure integration
npx claude-flow@v3alpha setup claude-code

# Options:
#   --hooks         Install hooks into Claude Code settings
#   --mcp           Register claude-flow MCP server
#   --agents        Install custom agent definitions
#   --verify        Verify integration status

claude-flow doctor --claude-code

# Check Claude Code integration health
npx claude-flow@v3alpha doctor --claude-code

# Output:
# ✓ Claude Code installed (v2.1.1)
# ✓ MCP server registered
# ✓ Hooks configured
# ✓ Settings valid
# ○ Plugins not configured (optional)

Security Considerations

1. Hook Security

Hooks execute with user permissions. Recommendations:

  • Validate all hook inputs
  • Never log sensitive data in hooks
  • Use sandboxed execution where possible

2. MCP Server Security

// Recommended MCP server configuration
{
  "mcpServers": {
    "claude-flow": {
      "command": "npx",
      "args": ["claude-flow@v3alpha", "mcp", "start"],
      // Restrict to safe tools only
      "allowlist": [
        "memory_*",
        "task_*",
        "swarm_status",
        "neural_status"
      ],
      // Deny dangerous operations
      "denylist": [
        "terminal_execute",
        "backup_*",
        "restore_*"
      ]
    }
  }
}

3. Permission Best Practices

{
  "permissions": {
    "allow": [
      "Read(*)",
      "Glob(*)",
      "Grep(*)"
    ],
    "ask": [
      "Write(*)",
      "Edit(*)",
      "Bash(*)"
    ],
    "deny": [
      "Bash(rm -rf *)",
      "Bash(sudo *)"
    ]
  }
}

Implementation Phases

Phase 1: Detection Module (Week 1)

  1. Create src/claude-code/integration.ts
  2. Implement detectClaudeCode()
  3. Add to doctor command
  4. Update package.json with peer dependency

Phase 2: Hook Installation (Week 2)

  1. Create src/claude-code/hooks.ts
  2. Implement installHooks()
  3. Add setup claude-code command
  4. Update CLAUDE.md template

Phase 3: Deep Integration (Week 3)

  1. Implement type-safe tool invocation
  2. Add plugin manifest support
  3. Create custom agent definitions
  4. Integration testing

Consequences

Positive

  1. Seamless Integration - Works automatically when Claude Code installed
  2. Enhanced UX - Hooks provide real-time feedback and routing
  3. Type Safety - SDK tools provide complete TypeScript definitions
  4. Extensibility - Plugin system enables custom extensions

Negative

  1. Version Coupling - Must track Claude Code API changes
  2. Undocumented APIs - May break with updates
  3. Complexity - More configuration options for users

Neutral

  1. Optional Dependency - Users without Claude Code unaffected
  2. Graceful Degradation - Features degrade when unavailable

References


Appendix: Tool Input Schema Reference

FileEditInput

interface FileEditInput {
  file_path: string;    // Absolute path required
  old_string: string;   // Text to replace
  new_string: string;   // Replacement (must differ)
  replace_all?: boolean; // Replace all occurrences
}

GrepInput

interface GrepInput {
  pattern: string;      // Regex pattern
  path?: string;        // Search path (default: cwd)
  glob?: string;        // File filter (e.g., "*.ts")
  output_mode?: "content" | "files_with_matches" | "count";
  "-B"?: number;        // Lines before
  "-A"?: number;        // Lines after
  "-C"?: number;        // Lines around
  "-n"?: boolean;       // Show line numbers
  "-i"?: boolean;       // Case insensitive
  type?: string;        // File type (js, py, etc.)
}

TodoWriteInput

interface TodoWriteInput {
  todos: Array<{
    content: string;
    status: "pending" | "in_progress" | "completed";
    activeForm: string;  // Present continuous form
  }>;
}

AskUserQuestionInput

interface AskUserQuestionInput {
  questions: Array<{
    question: string;
    header: string;       // Max 12 chars
    options: Array<{
      label: string;
      description: string;
    }>;
    multiSelect: boolean;
  }>;
  answers?: Record<string, string>;  // Previous answers
}

Updates (2026-01-08)

One-Command Project Setup (init --start-all)

Added --start-all flag to init command for complete project initialization:

# Initialize project AND start all services
npx @claude-flow/cli@latest init --start-all

# Equivalent to running:
# 1. npx @claude-flow/cli@latest init
# 2. npx @claude-flow/cli@latest memory init
# 3. npx @claude-flow/cli@latest daemon start
# 4. npx @claude-flow/cli@latest swarm init --topology hierarchical

Flags added:

  • --start-all - Initialize memory, start daemon, start swarm
  • --start-daemon - Just start the daemon after init

This simplifies the Claude Code integration setup from multiple commands to a single invocation.

CLI Version: @claude-flow/cli@3.0.0-alpha.56


Status: Complete Completed: 2026-01-07 Last Updated: 2026-01-08