v3/docs/adr/ADR-085-issue-1425-comprehensive-remediation.md
Status: Accepted — Partially Implemented (items 1, 4, 5, 6, 7 landed in v3.5.71; items 2 WS consolidation and 3 AgentRegistry deferred) Date: 2026-04-07 (proposed) · Updated: 2026-05-09
Issue #1425 identified systemic quality problems in the codebase, independently confirmed by an external audit. After initial fixes in v3.5.43 (PR #1435, ADR-067) and v3.5.69, the following items remain unresolved in v3:
any types in v3 CLI commands — TypeScript type safety gapslist/test static catalog — Returns hardcoded provider list, ignores user configurationvalidate-input.ts wired to agent_spawn and memory_store onlysleep(352) baseline — Benchmark uses artificial delay as timing baselineAddress all 7 items in a single release (v3.5.70):
any types in v3 commandsReplace all 19 any casts in v3/@claude-flow/cli/src/commands/ with proper types. Use unknown + narrowing where the actual type is unclear.
Create v3/@claude-flow/shared/src/ws/ shared websocket module with unified auth, reconnection logic, and heartbeat. CLI, hooks, and MCP bridge import from shared module.
Create shared AgentRegistry in @claude-flow/shared that AgentManager, WorkerPool, and MCP agent tools all use. Single source of truth for agent lifecycle.
providers list reads from claude-flow.config.json or environment. providers test makes real API health check calls (with timeout).
Add validateIdentifier/validatePath/validateText calls to all 43 command handlers that accept user input. Focus on boundary inputs: file paths, identifiers, command arguments.
Remove sleep(352) artificial baseline. Benchmark against actual no-op timing. Remove hardcoded += 100 token savings — measure real token counts or remove the claim.
Add compaction pass in session-start hook that deduplicates entries by content hash before building the graph. Skip entries with identical content, keeping highest confidence version.
Items 1, 4, 5, 6, and 7 shipped in v3.5.71 (commit a101c2a08). Items 2 (WS consolidation) and 3 (AgentRegistry) were not implemented in v3.5.71 and remain deferred — no subsequent commit adds the shared ws/ module or a unified AgentRegistry class.
| Item | Description | Status | Files | Commit(s) |
|---|---|---|---|---|
| 1 | Eliminate 19 any types in v3 commands | Implemented (2 justified remain in neural.ts) | v3/@claude-flow/cli/src/commands/*.ts | a101c2a08 fix: comprehensive #1425 remediation |
| 2 | Consolidate 3 WebSocket implementations into shared/src/ws/ | Deferred | — | — |
| 3 | Unify agent management into shared AgentRegistry | Deferred | — | — |
| 4 | Wire providers list/test to real config + HTTP health checks | Implemented | v3/@claude-flow/cli/src/commands/providers.ts | a101c2a08 |
| 5 | Expand input validation to all 43 command handlers (27/28 MCP tool files, ~120+ handlers) | Implemented | v3/@claude-flow/cli/src/mcp-tools/*.ts | a101c2a08 |
| 6 | Remove sleep(352) and fabricated Token Optimizer metrics (+= 200, 32%, 95% claims) | Implemented | v3/@claude-flow/cli/src/ (integration dist rebuilt) | a101c2a08 |
| 7 | Intelligence layer content-based dedup on session start | Implemented | v3/@claude-flow/cli/src/memory/intelligence.ts | a101c2a08 |
v3/@claude-flow/shared/src/ws/ module exists; the three separate WebSocket implementations in CLI, hooks, and MCP bridge remain unconsolidated.AgentRegistry class exists; AgentManager, ContainerWorkerPool, and MCP agent tools do not share a common registry.