
claude-flow

v3.10.13 Security

This release includes 3 security fixes for security teams reviewing exposed deployments.

✓ No known CVEs patched
This release patches 3 known CVEs

Topics

agentic-ai agentic-framework agentic-rag agentic-workflow agents ai-agents
ai-assistant ai-coding ai-skills autonomous-agents claude-code codex mcp-server multi-agent multi-agent-systems npm skills swarm swarm-intelligence typescript

Affected surfaces

auth rce_ssrf crypto_tls

ReleasePort's take

Strong signal
editorial:auto 5d

The release patches three security vulnerabilities in JSON parsing, SQL migration validation, and ID generation, and introduces three new MCP tools for graph traversal, batch deletion, and on‑demand consolidation.

Why it matters: Security fixes address SyntaxError/stack‑trace leaks (JSON), CWE‑89 template injection (SQL), and insecure IDs; the new MCP utilities enable multi‑hop walks, atomic bulk deletes, and manual NightlyLearner runs. Severity scores of 90 highlight critical impact.

Summary

AI summary

Three security findings closed and three new MCP tools added.

Changes in this release

Security Critical

Applies `parseJsonStrict` to prevent SyntaxError / stack-trace leak from crafted CLI input.

Source: llm_adapter@2026-05-30

Confidence: high

Security Critical

Adds `validateSqlIdentifier` to mitigate CWE-89 template‑SQL injection in `migrate.ts`.

Source: llm_adapter@2026-05-30

Confidence: high

Security Critical

Replaces insecure IDs with `crypto.randomBytes()` in `agentdb-fast` and `GraphDatabaseAdapter`.

Source: llm_adapter@2026-05-30

Confidence: high

Feature Medium

Adds `causal_traverse` tool for multi‑hop graph walk to explain memory relevance.

Source: llm_adapter@2026-05-30

Confidence: high

Feature Medium

Adds `agentdb_delete_batch` tool providing atomic IN‑clause delete with id + table whitelist.

Source: llm_adapter@2026-05-30

Confidence: high

Feature Medium

Adds `consolidate_now` tool to trigger on‑demand `NightlyLearner` run.

Source: llm_adapter@2026-05-30

Confidence: high

Feature Low

Commits real `recall@k` benchmark harness (`scripts/benchmark-recall.mjs`).

Source: llm_adapter@2026-05-30

Confidence: high

Feature Low

Measures recall@10 = 0.912 at N=2000, D=384, exceeding the documented 0.90 floor.

Source: llm_adapter@2026-05-30

Confidence: high

Feature Low

Adds CI guard that fails if recall drops below 0.90.

Source: llm_adapter@2026-05-30

Confidence: high

Bugfix Low

Adds 14 new regression tests covering security, MCP handlers, and recall floor.

Source: llm_adapter@2026-05-30

Confidence: high

Full changelog

Bumps the bundled agentdb to 3.0.0-alpha.16 (ruvnet/agentdb#6 — SOTA roadmap, ADR-073). Three categories of improvement:

Security — three findings closed:

  • parseJsonStrict helper applied to the unguarded JSON.parse site (no more SyntaxError / stack-trace leak from crafted CLI input)
  • validateSqlIdentifier on the residual CWE-89 template-SQL in migrate.ts
  • crypto.randomBytes() IDs in agentdb-fast + GraphDatabaseAdapter (CWE-338)
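
The three fix classes listed above, sketched as an added example (not agentdb's or claude-flow's code). The names `safeParseJson`, `assertSqlIdentifier`, `buildAddColumn` and `newId`, the 64 KiB limit, and the table and column names are assumptions made for illustration.

```javascript
// Added illustration; every function name here is hypothetical, not agentdb's API.
const { randomBytes } = require("node:crypto");

// 1. JSON from CLI input: never let a SyntaxError (message + stack) reach the caller.
function safeParseJson(text, maxBytes = 64 * 1024) {
  if (typeof text !== "string" || Buffer.byteLength(text) > maxBytes) {
    return { ok: false, error: "invalid JSON input" };
  }
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch {
    // Generic message only: no parser offset, no file paths, no stack trace.
    return { ok: false, error: "invalid JSON input" };
  }
}

// 2. Table/column names cannot be bound as query parameters, so anything that
//    is templated into SQL text must pass a strict pattern and, where one is
//    available, an allow-list of known names (CWE-89).
const SQL_IDENT = /^[A-Za-z_][A-Za-z0-9_]{0,62}$/;

function assertSqlIdentifier(name, allowed) {
  const known = allowed === undefined || allowed.has(name);
  if (typeof name !== "string" || !SQL_IDENT.test(name) || !known) {
    throw new Error("rejected SQL identifier");
  }
  return name;
}

// A migration-style statement built only from validated identifiers.
function buildAddColumn(table, column, allowedTables) {
  const t = assertSqlIdentifier(table, allowedTables);
  const c = assertSqlIdentifier(column);
  return `ALTER TABLE "${t}" ADD COLUMN "${c}" TEXT`;
}

// 3. IDs drawn from the OS CSPRNG instead of a predictable source such as
//    Math.random() or a timestamp (CWE-338). 16 bytes = 128 bits.
function newId(prefix = "id") {
  return `${prefix}_${randomBytes(16).toString("hex")}`;
}
```
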

MCP surface (3 new tools):

  • causal_traverse — multi-hop graph walk for "why does this memory matter?"
  • agentdb_delete_batch — atomic IN-clause delete with id + table whitelist
  • consolidate_now — on-demand NightlyLearner run instead of waiting for a scheduled pass

Honest measurement:

  • Real recall@k benchmark harness committed (scripts/benchmark-recall.mjs)
  • Production-dim run at N=2000 D=384 measures recall@10 = 0.912 (above the documented 0.90 CI floor; the prior "95%" claim was unverified — committed run JSON replaces it)
  • CI guard in tests/recall-benchmark-harness.test.ts fails if recall drops below 0.90

Tests: 14 new regression tests across security + MCP-handler building blocks + recall floor.
Full ruflo CLI suite still 2104/0/46-skipped.

Install: npx [email protected]

Bigger SOTA items (RaBitQ 1-bit quantization, worker-thread batch pool, async HNSW rebuild, learned reranking head, tier-aware memory + EWC wiring) are tracked in ruvnet/agentdb#6 for the next round.

Security Fixes

  • `parseJsonStrict` applied to `JSON.parse` site preventing SyntaxError/stack‑trace leaks from crafted CLI input (CWE-...)
  • `validateSqlIdentifier` added to residual CWE-89 template‑SQL in `migrate.ts`
  • `crypto.randomBytes()` used for IDs in `agentdb-fast` and `GraphDatabaseAdapter` mitigating CWE-338


About claude-flow

Deploy multi-agent swarms with coordinated workflows.
