# Pitfall Log

Project: ruvnet/ruflo

Summary: Found 39 potential pitfalls, 6 of which are high/blocking; top priority: Security/permissions pitfall - Failure mode: security_permissions: ADR-153 — Integrate @metaharness/darwin (Darwin Mode) into ruflo.

## 1. Security/permissions pitfall · Failure mode: security_permissions: ADR-153 — Integrate @metaharness/darwin (Darwin Mode) into ruflo

- Severity: high
- Evidence strength: source_linked
- Finding: Developers should check this security_permissions risk before relying on the project: ADR-153 — Integrate @metaharness/darwin (Darwin Mode) into ruflo
- User impact: Developers may expose sensitive permissions or credentials: ADR-153 — Integrate @metaharness/darwin (Darwin Mode) into ruflo
- Evidence: failure_mode_cluster:github_issue | https://github.com/ruvnet/ruflo/issues/2409 | ADR-153 — Integrate @metaharness/darwin (Darwin Mode) into ruflo

## 2. Security/permissions pitfall · Failure mode: security_permissions: security cve subcommand is a stub — never returns CVE data (scan already does, via npm audit)

- Severity: high
- Evidence strength: source_linked
- Finding: Developers should check this security_permissions risk before relying on the project: security cve subcommand is a stub — never returns CVE data (scan already does, via npm audit)
- User impact: Developers may expose sensitive permissions or credentials: security cve subcommand is a stub — never returns CVE data (scan already does, via npm audit)
- Evidence: failure_mode_cluster:github_issue | https://github.com/ruvnet/ruflo/issues/2403 | security cve subcommand is a stub — never returns CVE data (scan already does, via npm audit)

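## 3. Security/permissions pitfall · Source evidence: [verification] HIGH: @claude-flow/cli@alpha --version hangs >60s on cold install (ONNX model download on every startup)

- Severity: high
- Evidence strength: source_linked
- Finding: GitHub community evidence indicates the project has an unverified security/permissions-related issue: [verification] HIGH: @claude-flow/cli@alpha --version hangs >60s on cold install (ONNX model download on every startup)
- User impact: May affect authorization, key configuration, or security boundaries.
- Evidence: community_evidence:github | https://github.com/ruvnet/ruflo/issues/2286 | The source discussion mentions node-related conditions; re-check before installing or trying it out.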

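## 4. Security/permissions pitfall · Source evidence: [verification] HIGH: v3-ci.yml on main is FAILURE — supply-chain audit job failing

- Severity: high
- Evidence strength: source_linked
- Finding: GitHub community evidence indicates the project has an unverified security/permissions-related issue: [verification] HIGH: v3-ci.yml on main is FAILURE — supply-chain audit job failing
- User impact: May increase the cost of trial for new users and of production adoption.
- Evidence: community_evidence:github | https://github.com/ruvnet/ruflo/issues/2412 | The source discussion mentions node-related conditions; re-check before installing or trying it out.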

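## 5. Security/permissions pitfall · Source evidence: [verification] HIGH: witness manifests report missing=95 drift=2 on all three platforms

- Severity: high
- Evidence strength: source_linked
- Finding: GitHub community evidence indicates the project has an unverified security/permissions-related issue: [verification] HIGH: witness manifests report missing=95 drift=2 on all three platforms
- User impact: May increase the cost of trial for new users and of production adoption.
- Evidence: community_evidence:github | https://github.com/ruvnet/ruflo/issues/2047 | The source discussion mentions node-related conditions; re-check before installing or trying it out.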

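## 6. Security/permissions pitfall · Source evidence: [verification] MEDIUM: witness verify blocked — @noble/ed25519 not installed in source-only checkout

- Severity: high
- Evidence strength: source_linked
- Finding: GitHub community evidence indicates the project has an unverified security/permissions-related issue: [verification] MEDIUM: witness verify blocked — @noble/ed25519 not installed in source-only checkout
- User impact: May block installation or the first run.
- Evidence: community_evidence:github | https://github.com/ruvnet/ruflo/issues/2313 | The source discussion mentions npm-related conditions; re-check before installing or trying it out.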

## 7. Installation pitfall · Failure mode: installation: [verification] HIGH: @claude-flow/cli@alpha --version hangs >60s on cold install (ONNX model...

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: [verification] HIGH: @claude-flow/cli@alpha --version hangs >60s on cold install (ONNX model download on every startup)
- User impact: Developers may fail before the first successful local run: [verification] HIGH: @claude-flow/cli@alpha --version hangs >60s on cold install (ONNX model download on every startup)
- Evidence: failure_mode_cluster:github_issue | https://github.com/ruvnet/ruflo/issues/2286 | [verification] HIGH: @claude-flow/cli@alpha --version hangs >60s on cold install (ONNX model download on every startup)

## 8. Installation pitfall · Failure mode: installation: [verification] HIGH: Witness manifests report 95–99 missing build artifacts (dist/ absent)

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: [verification] HIGH: Witness manifests report 95–99 missing build artifacts (dist/ absent)
- User impact: Developers may fail before the first successful local run: [verification] HIGH: Witness manifests report 95–99 missing build artifacts (dist/ absent)
- Evidence: failure_mode_cluster:github_issue | https://github.com/ruvnet/ruflo/issues/2391 | [verification] HIGH: Witness manifests report 95–99 missing build artifacts (dist/ absent)

## 9. Installation pitfall · Failure mode: installation: [verification] HIGH: witness manifests report missing=95 drift=2 on all three platforms

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: [verification] HIGH: witness manifests report missing=95 drift=2 on all three platforms
- User impact: Developers may fail before the first successful local run: [verification] HIGH: witness manifests report missing=95 drift=2 on all three platforms
- Evidence: failure_mode_cluster:github_issue | https://github.com/ruvnet/ruflo/issues/2047 | [verification] HIGH: witness manifests report missing=95 drift=2 on all three platforms

## 10. Installation pitfall · Failure mode: installation: memory_store emits 128-dim mock embeddings — AgentDB vectorBackend controller never enables

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: memory_store emits 128-dim mock embeddings — AgentDB vectorBackend controller never enables
- User impact: Developers may fail before the first successful local run: memory_store emits 128-dim mock embeddings — AgentDB vectorBackend controller never enables
- Evidence: failure_mode_cluster:github_issue | https://github.com/ruvnet/ruflo/issues/2395 | memory_store emits 128-dim mock embeddings — AgentDB vectorBackend controller never enables

## 11. Installation pitfall · Failure mode: installation: v3.10.43 — Fable 5 / Opus 4.x temperature fix, daemon TTL, federation cap

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: v3.10.43 — Fable 5 / Opus 4.x temperature fix, daemon TTL, federation cap
- User impact: Upgrade or migration may change expected behavior: v3.10.43 — Fable 5 / Opus 4.x temperature fix, daemon TTL, federation cap
- Evidence: failure_mode_cluster:github_release | https://github.com/ruvnet/ruflo/releases/tag/v3.10.43 | v3.10.43 — Fable 5 / Opus 4.x temperature fix, daemon TTL, federation cap

## 12. Installation pitfall · Failure mode: installation: v3.10.44 — CI OOM fix, Windows plugin install

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: v3.10.44 — CI OOM fix, Windows plugin install
- User impact: Upgrade or migration may change expected behavior: v3.10.44 — CI OOM fix, Windows plugin install
- Evidence: failure_mode_cluster:github_release | https://github.com/ruvnet/ruflo/releases/tag/v3.10.44 | v3.10.44 — CI OOM fix, Windows plugin install

## 13. Installation pitfall · Failure mode: installation: v3.10.45 — hive-mind --dangerously-skip-permissions deny clause

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: v3.10.45 — hive-mind --dangerously-skip-permissions deny clause
- User impact: Upgrade or migration may change expected behavior: v3.10.45 — hive-mind --dangerously-skip-permissions deny clause
- Evidence: failure_mode_cluster:github_release | https://github.com/ruvnet/ruflo/releases/tag/v3.10.45 | v3.10.45 — hive-mind --dangerously-skip-permissions deny clause

## 14. Installation pitfall · Failure mode: installation: v3.10.46 — stale claude-flow@v3alpha references swept (@dskarasev community batch)

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: v3.10.46 — stale claude-flow@v3alpha references swept (@dskarasev community batch)
- User impact: Upgrade or migration may change expected behavior: v3.10.46 — stale claude-flow@v3alpha references swept (@dskarasev community batch)
- Evidence: failure_mode_cluster:github_release | https://github.com/ruvnet/ruflo/releases/tag/v3.10.46 | v3.10.46 — stale claude-flow@v3alpha references swept (@dskarasev community batch)

## 15. Installation pitfall · Failure mode: installation: v3.11.0 — router ADR-148/149 + cost-tracker observability + fleet audits

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: v3.11.0 — router ADR-148/149 + cost-tracker observability + fleet audits
- User impact: Upgrade or migration may change expected behavior: v3.11.0 — router ADR-148/149 + cost-tracker observability + fleet audits
- Evidence: failure_mode_cluster:github_release | https://github.com/ruvnet/ruflo/releases/tag/v3.11.0 | v3.11.0 — router ADR-148/149 + cost-tracker observability + fleet audits

## 16. Installation pitfall · Failure mode: installation: v3.12.0 — ADR-150 metaharness deep integration

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: v3.12.0 — ADR-150 metaharness deep integration
- User impact: Upgrade or migration may change expected behavior: v3.12.0 — ADR-150 metaharness deep integration
- Evidence: failure_mode_cluster:github_release | https://github.com/ruvnet/ruflo/releases/tag/v3.12.0 | v3.12.0 — ADR-150 metaharness deep integration

## 17. Installation pitfall · Failure mode: installation: v3.12.1 — bundle metaharness plugin scripts

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: v3.12.1 — bundle metaharness plugin scripts
- User impact: Upgrade or migration may change expected behavior: v3.12.1 — bundle metaharness plugin scripts
- Evidence: failure_mode_cluster:github_release | https://github.com/ruvnet/ruflo/releases/tag/v3.12.1 | v3.12.1 — bundle metaharness plugin scripts

## 18. Installation pitfall · Failure mode: installation: v3.12.2 — kernel-panic fix + cve subcommand fix + hooks hardening

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: v3.12.2 — kernel-panic fix + cve subcommand fix + hooks hardening
- User impact: Upgrade or migration may change expected behavior: v3.12.2 — kernel-panic fix + cve subcommand fix + hooks hardening
- Evidence: failure_mode_cluster:github_release | https://github.com/ruvnet/ruflo/releases/tag/v3.12.2 | v3.12.2 — kernel-panic fix + cve subcommand fix + hooks hardening

## 19. Installation pitfall · Failure mode: installation: v3.12.3 — #2395 fix: MCP no longer emits 128-dim mock embeddings

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: v3.12.3 — #2395 fix: MCP no longer emits 128-dim mock embeddings
- User impact: Upgrade or migration may change expected behavior: v3.12.3 — #2395 fix: MCP no longer emits 128-dim mock embeddings
- Evidence: failure_mode_cluster:github_release | https://github.com/ruvnet/ruflo/releases/tag/v3.12.3 | v3.12.3 — #2395 fix: MCP no longer emits 128-dim mock embeddings

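## 20. Installation pitfall · Source evidence: ADR-153 — Integrate @metaharness/darwin (Darwin Mode) into ruflo

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub community evidence indicates the project has an unverified installation-related issue: ADR-153 — Integrate @metaharness/darwin (Darwin Mode) into ruflo
- User impact: May increase the cost of trial for new users and of production adoption.
- Evidence: community_evidence:github | https://github.com/ruvnet/ruflo/issues/2409 | The source discussion mentions npm-related conditions; re-check before installing or trying it out.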

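## 21. Installation pitfall · Source evidence: Default statusline/hooks use `npx @claude-flow/cli@latest` on high-frequency events → runaway Node processes, jetsam ki…

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub community evidence indicates the project has an unverified installation-related issue: Default statusline/hooks use `npx @claude-flow/cli@latest` on high-frequency events → runaway Node processes, jetsam kills, kernel panic
- User impact: May increase the cost of trial for new users and of production adoption.
- Evidence: community_evidence:github | https://github.com/ruvnet/ruflo/issues/2448 | The source discussion mentions node-related conditions; re-check before installing or trying it out.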

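## 22. Installation pitfall · Source evidence: MCP stdio tools/list response exceeds macOS 64KB pipe buffer, causing tool registration failure

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub community evidence indicates the project has an unverified installation-related issue: MCP stdio tools/list response exceeds macOS 64KB pipe buffer, causing tool registration failure
- User impact: May increase the cost of trial for new users and of production adoption.
- Evidence: community_evidence:github | https://github.com/ruvnet/ruflo/issues/2426 | The source discussion mentions node-related conditions; re-check before installing or trying it out.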

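## 23. Installation pitfall · Source evidence: Regression (ADR-130): graph-edge-writer.js sql.js writer corrupts memory.db on agentdb_causal-edge — reintroduces the d…

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub community evidence indicates the project has an unverified installation-related issue: Regression (ADR-130): graph-edge-writer.js sql.js writer corrupts memory.db on agentdb_causal-edge — reintroduces the dual-write ADR-068 removed (#1257)
- User impact: May increase the cost of trial for new users and of production adoption.
- Evidence: community_evidence:github | https://github.com/ruvnet/ruflo/issues/2431 | The source discussion mentions node-related conditions; re-check before installing or trying it out.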

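## 24. Installation pitfall · Source evidence: Unbounded native memory leak: orphaned sql.js MEMFS `dbfile_*` files (~11 MB each) accumulate per database open

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub community evidence indicates the project has an unverified installation-related issue: Unbounded native memory leak: orphaned sql.js MEMFS `dbfile_*` files (~11 MB each) accumulate per database open
- User impact: May increase the cost of trial for new users and of production adoption.
- Evidence: community_evidence:github | https://github.com/ruvnet/ruflo/issues/2432 | The source discussion mentions node-related conditions; re-check before installing or trying it out.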

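## 25. Installation pitfall · Source evidence: [verification] HIGH: Witness manifests report 95–99 missing build artifacts (dist/ absent)

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub community evidence indicates the project has an unverified installation-related issue: [verification] HIGH: Witness manifests report 95–99 missing build artifacts (dist/ absent)
- User impact: May block installation or the first run.
- Evidence: community_evidence:github | https://github.com/ruvnet/ruflo/issues/2391 | The source discussion mentions node-related conditions; re-check before installing or trying it out.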

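## 26. Installation pitfall · Source evidence: [verification] HIGH: v3-ci.yml on main is FAILURE — supply-chain audit job failing

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub community evidence indicates the project has an unverified installation-related issue: [verification] HIGH: v3-ci.yml on main is FAILURE — supply-chain audit job failing
- User impact: May increase the cost of trial for new users and of production adoption.
- Evidence: community_evidence:github | https://github.com/ruvnet/ruflo/issues/2412 | The source discussion mentions node-related conditions; re-check before installing or trying it out.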

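## 27. Installation pitfall · Source evidence: [verification] MEDIUM: doctor reports MetaHarness ADR-150 integration failure — plugins/ruflo-metaharness/ not found

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub community evidence indicates the project has an unverified installation-related issue: [verification] MEDIUM: doctor reports MetaHarness ADR-150 integration failure — plugins/ruflo-metaharness/ not found
- User impact: May increase the cost of trial for new users and of production adoption.
- Evidence: community_evidence:github | https://github.com/ruvnet/ruflo/issues/2437 | The source discussion mentions node-related conditions; re-check before installing or trying it out.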

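## 28. Installation pitfall · Source evidence: memory_store emits 128-dim mock embeddings — AgentDB vectorBackend controller never enables

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub community evidence indicates the project has an unverified installation-related issue: memory_store emits 128-dim mock embeddings — AgentDB vectorBackend controller never enables
- User impact: May increase the cost of trial for new users and of production adoption.
- Evidence: community_evidence:github | https://github.com/ruvnet/ruflo/issues/2395 | The source discussion mentions node-related conditions; re-check before installing or trying it out.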

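## 29. Configuration pitfall · May modify host AI configuration

- Severity: medium
- Evidence strength: source_linked
- Finding: The project targets hosts such as Claude/Cursor/Codex/Gemini/OpenCode, or its install commands touch the user configuration directory.
- User impact: Installation may change the behavior of local AI tools; users need to know where it writes and how to roll back.
- Evidence: capability.host_targets | https://github.com/ruvnet/ruflo | host_targets=claude_code, claude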

## 30. Configuration pitfall · Failure mode: configuration: [BUG] daemon proliferation: `init.ts:424` spawns `daemon start &` racing the PID-file dedup →...

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: [BUG] daemon proliferation: `init.ts:424` spawns `daemon start &` racing the PID-file dedup → kernel panic on macOS
- User impact: Developers may misconfigure credentials, environment, or host setup: [BUG] daemon proliferation: `init.ts:424` spawns `daemon start &` racing the PID-file dedup → kernel panic on macOS
- Evidence: failure_mode_cluster:github_issue | https://github.com/ruvnet/ruflo/issues/2407 | [BUG] daemon proliferation: `init.ts:424` spawns `daemon start &` racing the PID-file dedup → kernel panic on macOS

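## 31. Configuration pitfall · Source evidence: statusLine: hooks statusline loads ONNX model on every call (~1s), causes Claude Code to timeout and hide the status bar

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub community evidence indicates the project has an unverified configuration-related issue: statusLine: hooks statusline loads ONNX model on every call (~1s), causes Claude Code to timeout and hide the status bar
- User impact: May increase the cost of trial for new users and of production adoption.
- Evidence: community_evidence:github | https://github.com/ruvnet/ruflo/issues/2450 | The source discussion mentions node-related conditions; re-check before installing or trying it out.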

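## 32. Capability pitfall · Capability assessment depends on assumptions

- Severity: medium
- Evidence strength: source_linked
- Finding: README/documentation is current enough for a first validation pass.
- User impact: If the assumption does not hold, users will not get the promised capability.
- Evidence: capability.assumptions | https://github.com/ruvnet/ruflo | README/documentation is current enough for a first validation pass.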

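## 33. Maintenance pitfall · Maintenance activity unknown

- Severity: medium
- Evidence strength: source_linked
- Finding: last_activity_observed is not recorded.
- User impact: New, abandoned, and active projects get lumped together, lowering confidence in the recommendation.
- Evidence: evidence.maintainer_signals | https://github.com/ruvnet/ruflo | last_activity_observed missing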

- Severity: medium
- Evidence strength: source_linked
- Finding: no_demo
- Evidence: downstream_validation.risk_items | https://github.com/ruvnet/ruflo | no_demo; severity=medium

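## 35. Security/permissions pitfall · Scoring risk present

- Severity: medium
- Evidence strength: source_linked
- Finding: no_demo
- User impact: The risk affects whether the project is suitable for ordinary users to install.
- Evidence: risks.scoring_risks | https://github.com/ruvnet/ruflo | no_demo; severity=medium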

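## 36. Security/permissions pitfall · Source evidence: [Dream Cycle 2026-06-18] memory: bi-temporal HNSW gap +10.4pp LongMemEval_S (Engram) + OPD-Evolver beats ReasoningBank…

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub community evidence indicates the project has an unverified security/permissions-related issue: [Dream Cycle 2026-06-18] memory: bi-temporal HNSW gap +10.4pp LongMemEval_S (Engram) + OPD-Evolver beats ReasoningBank 11.5%; ADR-161 + plugins,automation scan
- User impact: May affect authorization, key configuration, or security boundaries.
- Evidence: community_evidence:github | https://github.com/ruvnet/ruflo/issues/2410 | The source discussion mentions python-related conditions; re-check before installing or trying it out.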

## 37. Security/permissions pitfall · Source evidence: [Dream Cycle 2026-06-23] memory: semantic drift from repeated summarization cycles — AgentDB has no governance layer +…

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub community evidence indicates the project has an unverified security/permissions-related issue: [Dream Cycle 2026-06-23] memory: semantic drift from repeated summarization cycles — AgentDB has no governance layer + plugins,automation scan
- User impact: May affect authorization, key configuration, or security boundaries.
- Evidence: community_evidence:github | https://github.com/ruvnet/ruflo/issues/2452 | Unverified usage condition exposed by source type github_issue.

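## 38. Maintenance pitfall · Issue/PR response quality unknown

- Severity: low
- Evidence strength: source_linked
- Finding: issue_or_pr_quality=unknown.
- User impact: Users cannot tell whether anyone will maintain the project when they run into problems.
- Evidence: evidence.maintainer_signals | https://github.com/ruvnet/ruflo | issue_or_pr_quality=unknown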

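## 39. Maintenance pitfall · Release cadence unclear

- Severity: low
- Evidence strength: source_linked
- Finding: release_recency=unknown.
- User impact: Install commands and documentation may lag behind the code, raising the chance that users hit pitfalls.
- Evidence: evidence.maintainer_signals | https://github.com/ruvnet/ruflo | release_recency=unknown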
