Files
wehub-resource-sync 23f7624596
ADR-166 MCP Bridge Security Lock / Static-source security lock (push) Failing after 0s
ADR-166 MCP Bridge Security Lock / Compose default binds loopback + Mongo has auth (push) Failing after 2s
CodeQL Advanced / Analyze (rust) (push) Failing after 0s
ADR-166 MCP Bridge Security Lock / plugin-agent-federation bindHost default (push) Failing after 1s
ADR-166 MCP Bridge Security Lock / Runtime behavior — 401 + terminal gate + fail-closed (push) Failing after 4s
business-pods-smoke / smoke (push) Failing after 1s
all-plugins-smoke / smoke-all (push) Failing after 2s
CI/CD Pipeline / Security & Code Quality (push) Failing after 1s
CI/CD Pipeline / Test Suite (ubuntu-latest) (push) Failing after 1s
CI/CD Pipeline / Build & Package (macos-latest) (push) Has been skipped
CI/CD Pipeline / Build & Package (ubuntu-latest) (push) Has been skipped
CI/CD Pipeline / Build & Package (windows-latest) (push) Has been skipped
CI/CD Pipeline / Documentation & Examples (push) Failing after 1s
Clone Tracker (14-day rolling) / Snapshot clones for ruflo ecosystem (push) Failing after 1s
CodeQL Advanced / Analyze (actions) (push) Failing after 1s
CodeQL Advanced / Analyze (javascript-typescript) (push) Failing after 1s
federation-peer-rust / stable-noop (push) Failing after 1s
metaharness-ci / score (push) Failing after 1s
metaharness-ci / router-compat (push) Failing after 0s
metaharness-ci / similarity-tests (push) Failing after 0s
no-agentbbs-smoke / smoke-without-agentbbs (push) Failing after 1s
V3 CI/CD Pipeline / Build V3 (windows-latest) (push) Has been skipped
codex-integration-audit / Codex integration audit (push) Failing after 1s
helpers-manifest-guard / guard (push) Failing after 1s
🔗 Cross-Agent Integration Tests / 🤝 Agent Coordination Tests (push) Has been skipped
🔗 Cross-Agent Integration Tests / 🧠 Memory Sharing Integration (push) Has been skipped
🔗 Cross-Agent Integration Tests / 🛡️ Fault Tolerance Tests (push) Has been skipped
🔗 Cross-Agent Integration Tests / ⚡ Performance Integration Tests (push) Has been skipped
metaharness-ci / mcp-scan (push) Failing after 1s
metaharness-ci / eject-dryrun (push) Failing after 1s
metaharness-ci / metaharness-real-data (push) Failing after 0s
no-cli-optdep-bloat-2561 / guard (push) Failing after 1s
no-metaharness-smoke / smoke-without-metaharness (push) Failing after 1s
no-phantom-agentic-flow-subpath / guard (push) Failing after 1s
🔄 Automated Rollback Manager / 🚨 Failure Detection (push) Failing after 1s
V3 CI/CD Pipeline / Plugin hooks smoke / ubuntu-latest / Node 22 (push) Failing after 1s
V3 CI/CD Pipeline / ruflo-graph-intelligence build + test smoke (#2044, ADR-123) (push) Failing after 1s
CVE Audit Gate / Audit root (critical-blocking) (push) Failing after 2s
cost-tracker-smoke / smoke (push) Failing after 3s
oia-audit-weekly / audit (push) Failing after 2s
ruflo-agent-smoke / ruflo-agent structural smoke (push) Failing after 1s
📊 Status Badges Update / 📊 Update Status Badges (push) Failing after 1s
V3 CI/CD Pipeline / Static regression guards (#2267 YAML + (push) Failing after 1s
V3 CI/CD Pipeline / Test V3 Packages (push) Failing after 0s
V3 CI/CD Pipeline / agent_execute provider routing smoke (#2042) (push) Failing after 0s
CVE Audit Gate / Audit v3 (critical-blocking) (push) Failing after 1s
federation-peer-rust / stable-native (push) Failing after 2s
🔗 Cross-Agent Integration Tests / 🚀 Integration Test Setup (push) Failing after 2s
neural-trader-smoke / runtime-smoke (push) Failing after 1s
V3 CI/CD Pipeline / Build V3 (macos-latest) (push) Has been skipped
V3 CI/CD Pipeline / Build V3 (ubuntu-latest) (push) Has been skipped
V3 CI/CD Pipeline / Type Check V3 (push) Failing after 1s
V3 CI/CD Pipeline / Smoke (no better-sqlite3) / ubuntu-latest / Node 24 (push) Failing after 1s
V3 CI/CD Pipeline / Smoke (no better-sqlite3) / ubuntu-latest / Node 22 (push) Failing after 2s
V3 CI/CD Pipeline / browser rvf create flag smoke (#2015) (push) Failing after 0s
V3 CI/CD Pipeline / Dependency review (#2046) (push) Has been skipped
V3 CI/CD Pipeline / Supply-chain audit (#2046) (push) Failing after 0s
V3 CI/CD Pipeline / witness marker drift smoke (#2021) (push) Failing after 1s
V3 CI/CD Pipeline / neural-trader portfolio CG smoke (#2068, ADR-126 Phase 3) (push) Failing after 1s
V3 CI/CD Pipeline / neural-trader backtest signing smoke (#2068, ADR-126 Phase 4) (push) Failing after 1s
V3 CI/CD Pipeline / kg-extract type-import classification smoke (#2049) (push) Failing after 0s
V3 CI/CD Pipeline / witness verify precondition smoke (#1880) (push) Failing after 2s
V3 CI/CD Pipeline / neural-trader pipeline risk-gate smoke (#2068, ADR-126 Phase 5) (push) Failing after 0s
V3 CI/CD Pipeline / neural-trader feature attribution smoke (#2068, ADR-126 Phase 6) (push) Failing after 0s
V3 CI/CD Pipeline / plugin-registry signature verification smoke (#1922, CWE-347) (push) Failing after 4s
V3 CI/CD Pipeline / memory stats legacy-DB smoke (#2120) (push) Failing after 4s
V3 CI/CD Pipeline / github deprecated actions smoke (#2089, ADR-127 Phase 3) (push) Failing after 1s
V3 CI/CD Pipeline / graph query + pathfinder smoke (ADR-130 P2+P5) (push) Has been skipped
V3 CI/CD Pipeline / graph trajectory hooks smoke (ADR-130 P3) (push) Has been skipped
V3 CI/CD Pipeline / graph plugin adapter smoke (ADR-130 P4) (push) Has been skipped
V3 CI/CD Pipeline / graph benchmark (ADR-130 P6) (push) Has been skipped
V3 CI/CD Pipeline / statusline generator delegation smoke (#2195) (push) Failing after 1s
V3 CI/CD Pipeline / wizard init regression guard (#2206 (push) Failing after 1s
V3 CI/CD Pipeline / memory no-stray-db smoke (ADR-125 P7) (push) Failing after 1s
V3 CI/CD Pipeline / github-safe injection smoke (#2089, ADR-127 Phase 1) (push) Failing after 1s
V3 CI/CD Pipeline / github actions pin smoke (#2089, ADR-127 Phase 1) (push) Failing after 1s
V3 CI/CD Pipeline / github attribution opt-in smoke (#2089, ADR-127 Phase 4) (push) Failing after 1s
V3 CI/CD Pipeline / pre-bash hook safety smoke (#2017) (push) Failing after 1s
V3 CI/CD Pipeline / Memory import smoke / ubuntu-latest (push) Failing after 0s
V3 CI/CD Pipeline / MCP protocol smoke / ubuntu-latest (push) Failing after 2s
V3 CI/CD Pipeline / ruvllm WASM auto-init smoke (#2086) (push) Failing after 4s
V3 CI/CD Pipeline / MCP paired-tool round-trip smoke (#1889) (push) Failing after 1s
V3 CI/CD Pipeline / Plugin package install-safety (#1902/#1903/#1904) (push) Failing after 1s
V3 CI/CD Pipeline / Tool description discoverability (ADR-112) (push) Failing after 3s
V3 CI/CD Pipeline / CLI npx-install smoke (#1147 / (22) (push) Failing after 1s
V3 CI/CD Pipeline / CLI npx-install smoke (#1147 / (24) (push) Failing after 1s
V3 CI/CD Pipeline / Windows hook shim smoke (#2132) / ubuntu-latest (push) Failing after 2s
V3 CI/CD Pipeline / Windows hook execution smoke (#2132) / ubuntu-latest (push) Failing after 1s
V3 CI/CD Pipeline / Windows init hooks smoke (#2132) / ubuntu-latest (push) Failing after 1s
V3 CI/CD Pipeline / Vector-index dimension audit (#1947) (push) Failing after 0s
V3 CI/CD Pipeline / Hook-command install safety (#1921) (push) Failing after 1s
V3 CI/CD Pipeline / ToolOutputGuardrail smoke (ADR-131, (push) Failing after 1s
V3 CI/CD Pipeline / init-bundle invariants smoke (#2095, ADR-128 Phase 5) (push) Failing after 1s
V3 CI/CD Pipeline / wasm provider bridge smoke (ADR-129 P1) (push) Failing after 2s
V3 CI/CD Pipeline / wasm gallery CRUD smoke (ADR-129 P3) (push) Failing after 1s
V3 CI/CD Pipeline / wasm plugin bridge smoke (ADR-129 P4) (push) Failing after 0s
V3 CI/CD Pipeline / wasm compose smoke (ADR-129 P2) (push) Failing after 4s
V3 CI/CD Pipeline / graph schema smoke (ADR-130 P1) (push) Failing after 0s
Validate Marketplace / validate (push) Failing after 1s
🔍 Verification Pipeline / 🚀 Setup Verification (push) Failing after 1s
🔍 Verification Pipeline / 🛡️ Security Verification (push) Has been skipped
🔍 Verification Pipeline / 📝 Code Quality (push) Has been skipped
🔍 Verification Pipeline / 🧪 Test Verification (${{ matrix.os }}, Node ${{ matrix.node }}) (push) Has been skipped
🔍 Verification Pipeline / 🏗️ Build Verification (push) Has been skipped
🔍 Verification Pipeline / 📚 Documentation Verification (push) Has been skipped
CVE Audit Gate / High-severity report (warn only) (push) Has been cancelled
🔄 Automated Rollback Manager / 🔄 Execute Rollback (push) Has been cancelled
🔄 Automated Rollback Manager / ✅ Post-Rollback Verification (push) Has been cancelled
🔄 Automated Rollback Manager / 📊 Rollback Monitoring (push) Has been cancelled
V3 CI/CD Pipeline / Windows init hooks smoke (#2132) / windows-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook execution smoke (#2132) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook execution smoke (#2132) / windows-latest (push) Has been cancelled
🔄 Automated Rollback Manager / ⏳ Manual Rollback Approval (push) Has been cancelled
V3 CI/CD Pipeline / MCP protocol smoke / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Memory import smoke / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook shim smoke (#2132) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook shim smoke (#2132) / windows-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows init hooks smoke (#2132) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Witness verify (signed manifest) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Witness verify (signed manifest) / ubuntu-latest (push) Has been cancelled
V3 CI/CD Pipeline / Witness verify (signed manifest) / windows-latest (push) Has been cancelled
V3 CI/CD Pipeline / Publish to npm (alpha) (push) Has been cancelled
V3 CI/CD Pipeline / Smoke (no better-sqlite3) / macos-latest / Node 22 (push) Has been cancelled
V3 CI/CD Pipeline / Plugin hooks smoke / macos-latest / Node 22 (push) Has been cancelled
CI/CD Pipeline / Deploy & Release (push) Has been cancelled
CI/CD Pipeline / CI Status (push) Has been cancelled
🔗 Cross-Agent Integration Tests / 📊 Integration Test Report (push) Has been cancelled
🔄 Automated Rollback Manager / 🔍 Pre-Rollback Validation (push) Has been cancelled
🔍 Verification Pipeline / ⚡ Performance Verification (push) Has been cancelled
🔍 Verification Pipeline / 📊 Verification Report (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:02:19 +08:00
..

@claude-flow/plugin-code-intelligence

npm version npm downloads License: MIT

A comprehensive code intelligence plugin combining graph neural networks for code structure analysis with ultra-fast vector search for semantic code similarity. The plugin enables dead code detection, API surface analysis, refactoring impact prediction, and architectural drift monitoring while integrating seamlessly with existing IDE workflows.

Features

  • Semantic Code Search: Find semantically similar code across the codebase using natural language or code snippets
  • Architecture Analysis: Analyze dependency graphs, detect layer violations, circular dependencies, and architectural drift
  • Refactoring Impact Prediction: Predict the impact of proposed code changes using GNN analysis
  • Module Splitting: Suggest optimal module boundaries using MinCut algorithms
  • Pattern Learning: Learn recurring patterns from code changes using SONA (Self-Optimizing Neural Architecture)

Installation

npm

npm install @claude-flow/plugin-code-intelligence

CLI

npx claude-flow plugins install --name @claude-flow/plugin-code-intelligence

Quick Start

import { CodeIntelligencePlugin } from '@claude-flow/plugin-code-intelligence';

// Initialize the plugin
const codeIntel = new CodeIntelligencePlugin({
  indexPath: './data/code-index',
  repoPath: './',
  languages: ['typescript', 'javascript']
});

// Semantic code search
const results = await codeIntel.semanticSearch({
  query: 'function that validates user email',
  scope: { paths: ['src/'], excludeTests: true },
  searchType: 'semantic',
  topK: 10
});

// Analyze architecture
const architecture = await codeIntel.architectureAnalyze({
  rootPath: './src',
  analysis: ['dependency_graph', 'circular_deps', 'dead_code'],
  outputFormat: 'mermaid'
});

// Predict refactoring impact
const impact = await codeIntel.refactorImpact({
  changes: [
    { file: 'src/utils/auth.ts', type: 'rename', details: { newName: 'authentication.ts' } }
  ],
  depth: 3,
  includeTests: true
});

MCP Tools

Find semantically similar code across the codebase.

const result = await mcp.invoke('code/semantic-search', {
  query: 'handle authentication token refresh',
  scope: {
    paths: ['src/'],
    languages: ['typescript'],
    excludeTests: false
  },
  searchType: 'semantic',
  topK: 10
});

// Returns:
// {
//   results: [
//     {
//       file: 'src/auth/tokenManager.ts',
//       function: 'refreshAccessToken',
//       snippet: 'async function refreshAccessToken(refreshToken: string)...',
//       similarity: 0.94,
//       lineRange: [45, 72]
//     },
//     ...
//   ]
// }

2. code/architecture-analyze

Analyze codebase architecture using graph algorithms.

const result = await mcp.invoke('code/architecture-analyze', {
  rootPath: './src',
  analysis: [
    'dependency_graph',
    'layer_violations',
    'circular_deps',
    'component_coupling',
    'dead_code'
  ],
  baseline: 'main',  // Git ref for drift comparison
  outputFormat: 'mermaid'
});

// Returns:
// {
//   dependencyGraph: '...mermaid diagram...',
//   layerViolations: [
//     { from: 'presentation/UserForm', to: 'data/UserRepository', rule: 'no-direct-data-access' }
//   ],
//   circularDeps: [
//     ['moduleA', 'moduleB', 'moduleC', 'moduleA']
//   ],
//   deadCode: [
//     { file: 'src/utils/legacy.ts', reason: 'no-references', confidence: 0.95 }
//   ],
//   architecturalDrift: {
//     newDependencies: 5,
//     removedDependencies: 2,
//     couplingChange: +0.03
//   }
// }

3. code/refactor-impact

Predict impact of proposed refactoring.

const result = await mcp.invoke('code/refactor-impact', {
  changes: [
    { file: 'src/services/UserService.ts', type: 'extract', details: { method: 'validateUser' } },
    { file: 'src/models/User.ts', type: 'rename', details: { property: 'name', to: 'fullName' } }
  ],
  depth: 3,
  includeTests: true
});

// Returns:
// {
//   impactedFiles: [
//     { file: 'src/controllers/AuthController.ts', changes: ['import path', 'method call'] },
//     { file: 'src/services/AdminService.ts', changes: ['method call'] },
//     { file: 'tests/UserService.test.ts', changes: ['test assertions'] }
//   ],
//   totalFilesAffected: 12,
//   riskScore: 0.35,
//   breakingChanges: [
//     { type: 'property-rename', description: 'User.name -> User.fullName', usages: 45 }
//   ],
//   suggestedMigrationSteps: [...]
// }

4. code/split-suggest

Suggest optimal module boundaries using MinCut.

const result = await mcp.invoke('code/split-suggest', {
  targetPath: './src/monolith',
  strategy: 'minimize_coupling',
  constraints: {
    maxModuleSize: 5000,  // LOC
    minModuleSize: 500,
    preserveBoundaries: ['src/monolith/core']
  },
  targetModules: 4
});

// Returns:
// {
//   suggestedModules: [
//     {
//       name: 'user-management',
//       files: ['User.ts', 'UserService.ts', 'UserRepository.ts'],
//       loc: 2340,
//       externalDependencies: 3
//     },
//     {
//       name: 'order-processing',
//       files: ['Order.ts', 'OrderService.ts', 'PaymentHandler.ts'],
//       loc: 3120,
//       externalDependencies: 5
//     },
//     ...
//   ],
//   couplingReduction: '45%',
//   migrationComplexity: 'medium'
// }

5. code/learn-patterns

Learn code patterns from repository history.

const result = await mcp.invoke('code/learn-patterns', {
  scope: {
    gitRange: 'HEAD~100..HEAD',
    authors: [],  // All authors
    paths: ['src/']
  },
  patternTypes: ['bug_patterns', 'refactor_patterns'],
  minOccurrences: 3
});

// Returns:
// {
//   patterns: [
//     {
//       type: 'bug_pattern',
//       name: 'null-check-before-access',
//       occurrences: 12,
//       description: 'Adding null checks before property access',
//       example: { before: 'user.name', after: 'user?.name' }
//     },
//     {
//       type: 'refactor_pattern',
//       name: 'async-await-migration',
//       occurrences: 8,
//       description: 'Converting Promise.then chains to async/await'
//     }
//   ]
// }

Configuration Options

interface CodeIntelligenceConfig {
  // Indexing
  indexPath: string;              // Path to code index storage
  repoPath: string;               // Repository root path

  // Language support
  languages: string[];            // Languages to index
  excludePaths: string[];         // Paths to exclude

  // Performance
  maxMemoryMB: number;            // WASM memory limit (default: 1024)
  maxCpuTimeSeconds: number;      // Operation timeout (default: 300)
  incrementalIndexing: boolean;   // Enable incremental updates (default: true)

  // Security
  blockSensitiveFiles: boolean;   // Block .env, credentials, etc. (default: true)
  maskSecrets: boolean;           // Mask detected secrets in results (default: true)
}

Supported Languages

Tier Languages Support Level
Tier 1 (Full) TypeScript, JavaScript, React, Vue, Angular Complete AST analysis
Tier 2 (Partial) Python, Java, Ruby, PHP Core analysis features
Tier 3 (Basic) Rust, Go, C++, Swift, Kotlin Dependency and search

Security Considerations

Path Traversal Prevention

All file paths are validated to prevent directory traversal:

  • Paths normalized and resolved against allowed root
  • Blocked patterns: .env, .git/config, credentials, secrets, private keys

Secret Detection and Masking

Secrets are automatically detected and masked in search results:

  • API keys and tokens
  • Private keys and certificates
  • Password strings
  • Cloud provider credentials (AWS, GCP, Azure)

WASM Security Constraints

Constraint Value Rationale
Memory Limit 1GB max Handle large codebases
CPU Time Limit 300 seconds Allow full repo analysis
No Network Access Enforced Prevent code exfiltration
No Shell Execution Enforced Prevent command injection
Read-Only Mode Enforced Prevent code modification

Input Validation

All inputs are validated using Zod schemas:

// All inputs validated:
- Query strings: 1-5000 characters
- File paths: Maximum 500 characters, max 100 paths per request
- Languages: Maximum 20 languages per request
- topK: 1-1000 results
- Git refs: Validated against safe patterns (no shell metacharacters)
- Module size limits: 100-100000 LOC

Rate Limiting

const rateLimits = {
  'code/semantic-search': { requestsPerMinute: 60, maxConcurrent: 5 },
  'code/architecture-analyze': { requestsPerMinute: 10, maxConcurrent: 2 },
  'code/refactor-impact': { requestsPerMinute: 20, maxConcurrent: 3 },
  'code/split-suggest': { requestsPerMinute: 5, maxConcurrent: 1 },
  'code/learn-patterns': { requestsPerMinute: 5, maxConcurrent: 1 }
};

Performance

Metric Target
Semantic code search <100ms for 1M LOC
Architecture analysis <10s for 100K LOC
Refactor impact <5s for single change
Module splitting <30s for 50K LOC
Pattern learning <2min for 1000 commits

IDE Integration

  • VS Code Extension: Real-time analysis and suggestions
  • JetBrains Plugin: IntelliJ, WebStorm, PyCharm support
  • CLI: CI/CD pipeline integration
  • MCP: Direct Claude Code integration

Dependencies

  • micro-hnsw-wasm: Semantic code search and clone detection (150x faster)
  • ruvector-gnn-wasm: Code dependency graphs, call graphs, and control flow analysis
  • ruvector-mincut-wasm: Module boundary detection and optimal code splitting
  • sona: Self-optimizing learning from code review patterns
  • ruvector-dag-wasm: Build dependency analysis and incremental compilation
  • @babel/parser: JavaScript/TypeScript AST parsing
  • typescript: TypeScript compiler API
Plugin Description Use Case
@claude-flow/plugin-test-intelligence Test optimization Predictive test selection based on code changes
@claude-flow/plugin-perf-optimizer Performance optimization Code performance bottleneck detection
@claude-flow/plugin-legal-contracts Contract analysis Software licensing compliance

License

MIT License

Copyright (c) 2026 Claude Flow

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.