P0 Critical - Code Injection:
- Replace eval() in workflow-loader.ts with safe expression evaluator
- Replace new Function() in e2e-runner.ts with safe expression evaluator
- Create safe-expression-evaluator.ts with tokenizer/parser (no eval)

P1 High - Command Injection & XSS:
- Remove shell: true in vitest-executor.ts, use shell: false
- Fix innerHTML XSS in QEPanelProvider.ts with escapeHtml/escapeForAttr
- Replace execSync with execFileSync in github-safe.js

P2 Medium:
- Run npm audit fix (0 vulnerabilities)
- Add URL validation in contract-testing/validate.ts (SSRF protection)

Tests:
- Add 93 comprehensive tests for safe-expression-evaluator
- Cover security rejection cases (eval, __proto__, constructor, etc.)

Closes #202

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Alert #74 - Incomplete string escaping (High):
- cross-domain-router.ts: Escape backslashes before dots in regex pattern
  to prevent regex injection attacks

Alert #69 & #70 - Insecure randomness (High):
- token-tracker.ts: Replace Math.random() with crypto.randomUUID()
  for session ID generation (lines 234, 641)

Alert #71 - Unsafe shell command (Medium):
- semgrep-integration.ts: Replace exec() with execFile() and use
  array arguments to prevent command injection

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Includes all security fixes from:
- Issue #201 (HNSW implementation)
- Issue #202 (Security audit)
- CodeQL alerts #69, #70, #71, #74

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Document ENOTEMPTY error workaround (known npm bug)
- Document access token expired notices
- Provide multiple solution options

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

…honesty fixes

Phase 4 Self-Learning Features implementation after thorough review and fixes:

Core Self-Learning Components:
- ExperienceCaptureService: Captures task execution experiences for pattern learning
- AQELearningEngine: Unified learning engine with Claude Flow integration
- PatternStore improvements: Better text similarity scoring for pattern matching

Key Fixes (from brutal honesty review):
1. Fixed promotion logic: Now correctly checks tier='short-term' AND usageCount>=threshold
2. Added Claude Flow error tracking with claudeFlowErrors counter
3. Connected ExperienceCaptureService to coordinator via EventBus
4. Created real integration tests (not mocked unit tests)

Integration:
- Learning coordinator subscribes to 'learning.ExperienceCaptured' events
- Cross-domain knowledge transfer for successful high-quality experiences
- Pattern creation records initial usage correctly

Testing:
- 7 integration tests using real InMemoryBackend and PatternStore
- 19 unit tests for experience capture service
- All 26 learning tests pass

Also includes:
- ADR-052: Coherence-Gated QE architecture decision
- Init orchestrator with 12 initialization phases
- Claude Flow setup command
- Success rate benchmark reports

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add EU compliance validation service for EN 301 549 V3.2.1 and
EU Accessibility Act (Directive 2019/882) compliance checking.

Features:
- 47 EN 301 549 Chapter 9 web content clauses mapped to WCAG 2.1
- EU Accessibility Act requirements for e-commerce, banking, transport
- WCAG-to-EN 301 549 clause mapping with conformance levels
- Compliance scoring with passed/failed/partial status
- Prioritized remediation recommendations with effort estimates
- Certification-ready compliance reports with review scheduling
- Product category validation (e-commerce, banking, transport, e-books)

Integration:
- AccessibilityTesterService.validateEUCompliance() method
- Helper methods for EN 301 549 clauses and EAA requirements
- Full type exports from visual-accessibility domain

Bug fixes:
- Fix === vs = bug in partial status logic (line 686)

Tests:
- 41 unit tests for EUComplianceService
- 26 integration tests for end-to-end validation
- Regression tests for partial status bug fix

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

The visual-accessibility domain actions (runVisualTest, runAccessibilityTest)
were defined in COMMAND_TO_DOMAIN_ACTION mapping but never registered with
the WorkflowOrchestrator, causing workflow executions to fail.

Changes:
- Add registerWorkflowActions() method to VisualAccessibilityPlugin
- Add helper methods for extracting URLs, viewports, WCAG levels from input
- Integrate action registration into CLI initialization paths
- Add unit tests for workflow action registration

Fixes #206

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

The MCP server failed to start with "Named export 'HierarchicalNSW' not found"
because hnswlib-node is a CommonJS module that doesn't support ESM named imports.

Changed HNSWIndex.ts to use default import with destructuring, matching the
pattern already used in real-qe-reasoning-bank.ts.

Fixes #204

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Fixes #205

Changes:
- Add 'idle' status to DomainHealth, MinCutHealth, and MCP types
- getDomainHealth() returns 'idle' for 0/inactive agents (not 'degraded')
- getHealth() only checks enabled domains (not ALL_DOMAINS)
- MinCut health monitor returns 'idle' for empty topology (not 'critical')
- Skip MinCut alerts for fresh installs with no agents
- CLI shows 'idle' status in cyan with helpful tip for new users
- Add test:dev script to root package.json

Before: Fresh install showed "Status: degraded" with 13 domain warnings
After: Fresh install shows "Status: healthy" with "Idle (ready): 13"

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

## ADR-052 Implementation Complete

### Core Coherence Infrastructure
- Add 6 Prime Radiant WASM engine adapters (Cohomology, Spectral, Causal,
  Category, Homotopy, Witness)
- Implement CoherenceService with unified scoring and compute lane routing
- Add ThresholdTuner with EMA auto-calibration for adaptive thresholds
- Implement WASM loader with fallback and retry logic

### MCP Tools (4 new tools)
- qe/coherence/check: Verify belief coherence with configurable thresholds
- qe/coherence/audit: Memory coherence auditing
- qe/coherence/consensus: Cross-agent consensus building
- qe/coherence/collapse: Uncertainty collapse for decisions

### Domain Integration
- Add coherence gate to test-generation domain (blocks incoherent requirements)
- Integrate with learning module (CausalVerifier, MemoryAuditor)
- Add BeliefReconciler to strange-loop for belief state management

### CI/CD
- Add GitHub Actions workflow for coherence verification
- Add coherence-check.js script for CI badge generation

### Performance (ADR-052 targets met)
- 10 nodes: 0.3ms (target <1ms) ✓
- 100 nodes: 3.2ms (target <5ms) ✓
- 1000 nodes: 32ms (target <50ms) ✓

### Test Coverage
- 382+ coherence-related tests
- Benchmarks for performance validation

### DevPod/Codespaces OOM Fix
- Update vitest.config.ts with forks pool (process isolation)
- Limit to 2 parallel workers to prevent native module segfaults
- Add test:safe script with 1.5GB heap limit

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

The .gitignore had overly broad `claude-flow` patterns that were
ignoring v3/src/adapters/claude-flow/ source files, causing CI build
failures with:

  TS2307: Cannot find module '../adapters/claude-flow/index.js'

Changes:
- Fix .gitignore to use `/claude-flow` (root only) instead of `claude-flow`
- Add exception `!v3/src/adapters/claude-flow/` for source adapters
- Add 5 missing adapter files:
  - index.ts (unified bridge exports)
  - types.ts (TypeScript interfaces)
  - trajectory-bridge.ts (SONA trajectory tracking)
  - model-router-bridge.ts (3-tier model routing)
  - pretrain-bridge.ts (codebase analysis)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Addresses CodeQL alert #115: Missing workflow permissions.

Added explicit permissions blocks following least privilege principle:
- Top-level: contents: read, actions: read
- Job-level: contents: read

This workflow verifies ADR-052 coherence-gated QE on PRs and pushes.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Add outputs section to coherence-check job to pass results between jobs
- Update vitest.config.ts to use Vitest 4 top-level options instead of
  deprecated poolOptions (fixes deprecation warning)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Aligns with Issue #205 UX fix: empty topology is 'idle' not 'critical'
for fresh install experience.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Use single-quote wrapping for shell argument escaping instead of
incomplete double-quote escaping. Single quotes don't interpolate
variables in POSIX shells, making them inherently safer.

Fixes CodeQL alerts #116-121: js/incomplete-sanitization

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Prevents test hanging when coordinator.shutdown() takes too long.
Uses Promise.race with 5s timeout and extends hook timeout to 15s.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Use ANSI-C quoting ($'...') with proper backslash escaping.
The previous single-quote approach didn't escape backslashes.

Changes:
- Escape \\ before ' to prevent escape sequence injection
- Use $'...' syntax which handles escape sequences safely

Fixes CodeQL alert #117: js/incomplete-sanitization

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Fix all 6 CodeQL js/incomplete-sanitization alerts in claude-flow adapters
by using proper ANSI-C $'...' quoting for shell arguments.

Changes:
- model-router-bridge.ts: Remove outer double quotes from escapeArg usages
- pretrain-bridge.ts: Add escapeArg function with backslash escaping
- trajectory-bridge.ts: Fix remaining double-quoted variable interpolations

The escapeArg function now:
1. Escapes backslashes first (prevents bypass via \')
2. Escapes single quotes
3. Returns ANSI-C quoted string $'...'
4. Used WITHOUT outer double quotes for proper shell interpretation

This resolves security scanning alerts:
- #116, #117: model-router-bridge.ts
- #118, #119: trajectory-bridge.ts
- #120, #121: pretrain-bridge.ts

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

…ot 'degraded'

The original #205 fix checked isEmptyTopology() using vertexCount/edgeCount,
but buildGraphFromAgents() always creates 12 domain coordinator vertices and
11 workflow edges. This caused fresh installs to show "degraded" status with
MinCut critical warnings about isolated vertices.

Fix: Changed isEmptyTopology() to check for agent vertices specifically.
Domain coordinator vertices don't count as "topology with agents".

Changes:
- mincut-health-monitor.ts: Check getVerticesByType('agent').length === 0
- queen-integration.ts: Same isEmptyTopology() fix
- domain-interface.ts: Default status changed to 'idle' for 0 agents
- All 12 domain plugins: Init status changed from 'healthy' to 'idle'
- Added regression tests for domain-coordinators-without-agents scenario

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add complete cloud sync system for syncing local AQE learning data to
cloud PostgreSQL with ruvector vector database. This enables centralized
self-learning across environments (devpod, laptop, CI).

Implementation:
- TypeScript sync agent with IAP tunnel support
- SQLite and JSON readers for 10 local data sources
- PostgreSQL writer with type conversions (timestamps, JSONB, vectors)
- CLI commands: aqe sync, sync --full, sync status, sync verify, sync config
- Cloud schema with HNSW indexes for ruvector similarity search

Data synced (5,062 records total):
- qe_patterns: 1,073 patterns
- memory_entries: 2,060 entries
- events: 1,082 audit events
- learning_experiences: 665 RL trajectories
- goap_actions: 101 planning primitives
- patterns: 45 learned behaviors
- sona_patterns: 34 neural patterns
- claude_flow_memory: 2 entries

Infrastructure:
- GCE VM: ruvector-postgres (us-central1-a)
- Docker: ruvnet/ruvector-postgres:latest
- Access: IAP tunnel (no public IP)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Wire up existing security infrastructure to MCP tool invocation path:
- Add tool name validation (alphanumeric, _, -, : only, max 128 chars)
- Add parameter validation against tool schema definitions
- Add parameter sanitization using security module
- Reject unknown parameters to prevent injection attacks

Enhance CVE prevention with control character stripping:
- Strip null bytes (\x00) to prevent string termination attacks
- Strip ANSI escape sequences (\x1B) to prevent terminal attacks
- Strip other dangerous control characters (\x01-\x08, \x0B, \x0C, etc.)

Also fixes missing 'target' parameter in quality_assess tool definition.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Resolves issue #206 where user customizations in config.yaml were
overwritten when running `aqe init` after reinstalling the package.

Changes:
- Load existing config.yaml before saving new config
- Merge user customizations (domains.enabled, hooks, workers, agents)
- Add helpful comments to generated config explaining preservation
- Add unit tests for config preservation logic (9 tests)

Users no longer need to re-add custom domains like `visual-accessibility`
after reinstalling agentic-qe.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

… null checks

WASM SpectralEngine Fix:
- Correct graph format: edges as tuples [source, target, weight] not objects
- Add 'n' field for node count (required by WASM)
- Add try-catch with graceful fallback on WASM errors
- Handle edge cases for empty/disconnected graphs

Null Check Fixes:
- memory-auditor.ts: Add defensive check for context?.tags
- spectral-adapter.ts: Add defensive check for beliefs ?? []
- coherence-service.ts: Add defensive check for health.beliefs ?? []

Error Handling Improvements:
- Add try-catch around verifyConsensus WASM path
- Add try-catch around predictCollapse WASM path
- Graceful fallback to heuristic implementations on WASM error

ModelRouter Fix:
- Increase booster-eligibility confidence scoring (0.5 per match)
- Add mechanical keyword boost to 0.6

Benchmark Results (v3.2.3 → v3.3.0):
- Pass rate: 33.3% → 50.0% (+16.7%)
- False negatives: 7 → 2 (71% reduction)
- WASM errors: 4 → 0 (all fixed)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Fixes #208 - Inconsistent MCP registration instructions

Updated README to clearly show both options:
- Option 1: `claude mcp add aqe -- aqe-mcp` (global install)
- Option 2: `claude mcp add aqe -- npx agentic-qe mcp` (npx)

The `--` separator is required to pass arguments to the command.
Standardized on 'aqe' as the MCP server name.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>