v3/docs/adr/ADR-085-issue-1425-comprehensive-remediation.md
Accepted
Issue #1425 identified systemic quality problems in the codebase, independently confirmed by an external audit. After initial fixes in v3.5.43 (PR #1435, ADR-067) and v3.5.69, the following items remain unresolved in v3:
any types in v3 CLI commands — TypeScript type safety gapslist/test static catalog — Returns hardcoded provider list, ignores user configurationvalidate-input.ts wired to agent_spawn and memory_store onlysleep(352) baseline — Benchmark uses artificial delay as timing baselineAddress all 7 items in a single release (v3.5.70):
any types in v3 commandsReplace all 19 any casts in v3/@claude-flow/cli/src/commands/ with proper types. Use unknown + narrowing where the actual type is unclear.
Create v3/@claude-flow/shared/src/ws/ shared websocket module with unified auth, reconnection logic, and heartbeat. CLI, hooks, and MCP bridge import from shared module.
Create shared AgentRegistry in @claude-flow/shared that AgentManager, WorkerPool, and MCP agent tools all use. Single source of truth for agent lifecycle.
providers list reads from claude-flow.config.json or environment. providers test makes real API health check calls (with timeout).
Add validateIdentifier/validatePath/validateText calls to all 43 command handlers that accept user input. Focus on boundary inputs: file paths, identifiers, command arguments.
Remove sleep(352) artificial baseline. Benchmark against actual no-op timing. Remove hardcoded += 100 token savings — measure real token counts or remove the claim.
Add compaction pass in session-start hook that deduplicates entries by content hash before building the graph. Skip entries with identical content, keeping highest confidence version.