moflo 4.10.20 → 4.10.21

package/dist/src/cli/memory/bridge-entries.js

@@ -7,7 +7,7 @@
  *
  * @module v3/cli/bridge-entries
  */
-import { cosineSim, execRows, generateId, logBridgeError, persistBridgeDb, refreshVectorStatsCache, withDb } from './bridge-core.js';
+import { cosineSim, execRows, generateId, logBridgeError, persistBridgeDb, refreshVectorStatsCache, searchCandidateCap, withDb } from './bridge-core.js';
 import { embeddingResponseFrom, getBridgeEmbedder, resolveBridgeEmbedding } from './bridge-embedder.js';
 import { errorDetail } from '../shared/utils/error-detail.js';
 /**
@@ -461,11 +461,17 @@ export async function bridgeSearchEntries(options) {
         const nsFilter = namespace !== 'all' ? `AND namespace = ?` : '';
         let rows;
         try {
+            // #1201 — ORDER BY created_at DESC before the cap. A bare `LIMIT 1000`
+            // (no ORDER BY) truncated the candidate pool by rowid, so on a populated
+            // DB the first 1000 rows were all bulk-indexed code-map and a
+            // no-namespace search never scored learnings/patterns/etc. Recency
+            // ordering keeps recent curated entries in the pool when truncation hits.
             const sql = `
         SELECT id, key, namespace, content, metadata, embedding
         FROM memory_entries
         WHERE status = 'active' ${nsFilter}
-        LIMIT 1000
+        ORDER BY created_at DESC
+        LIMIT ${searchCandidateCap()}
       `;
             rows = namespace !== 'all' ? execRows(ctx.db, sql, [namespace]) : execRows(ctx.db, sql);
         }

package/dist/src/cli/memory/memory-bridge.js

@@ -9,7 +9,7 @@
  *
  * @module v3/cli/memory-bridge
  */
-import { cosineSim, execRows, generateId, getRegistry, persistBridgeDb, withDb, } from './bridge-core.js';
+import { cosineSim, execRows, generateId, getRegistry, persistBridgeDb, searchCandidateCap, withDb, } from './bridge-core.js';
 import { bridgeSearchEntries, bridgeStoreEntry, } from './bridge-entries.js';
 import { BRIDGE_EMBEDDING_MODEL, getBridgeEmbedder, } from './bridge-embedder.js';
 // ===== Re-exports: primitives =====
@@ -73,11 +73,15 @@ export async function bridgeSearchHNSW(queryEmbedding, options, dbPath) {
             : '';
         let rows;
         try {
+            // #1201 — recency-ordered candidate cap; see searchCandidateCap. A bare
+            // LIMIT truncated by rowid, hiding recent non-code-map namespaces from a
+            // no-namespace search.
             const sql = `
         SELECT id, key, namespace, content, embedding
         FROM memory_entries
         WHERE status = 'active' AND embedding IS NOT NULL ${nsFilter}
-        LIMIT 10000
+        ORDER BY created_at DESC
+        LIMIT ${searchCandidateCap()}
       `;
             rows = nsFilter ? execRows(ctx.db, sql, [options.namespace]) : execRows(ctx.db, sql);
         }

package/dist/src/cli/memory/memory-initializer.js

@@ -22,7 +22,7 @@ import { HnswLite } from './hnsw-lite.js';
 import { tryLoadHnswSidecar } from './hnsw-persistence.js';
 import { EMBEDDING_MODEL_OPT_OUT, getBridgeEmbedder, isEphemeralNamespace } from './bridge-embedder.js';
 import { parseEmbeddingJson, toFloat32 } from './controllers/_shared.js';
-import { writeVectorStatsJson } from './bridge-core.js';
+import { searchCandidateCap, writeVectorStatsJson } from './bridge-core.js';
 import { serialiseMetadata } from './bridge-entries.js';
 import { errorDetail } from '../shared/utils/error-detail.js';
 import { MOFLO_DIR, hnswIndexPath, legacyMemoryDbPath, memoryDbPath, } from '../services/moflo-paths.js';
@@ -1836,12 +1836,16 @@ export async function searchEntries(options) {
         // Fall back to brute-force SQLite search via the unified factory.
         const db = openDaemonDatabase(dbPath);
         // Get entries with embeddings
+        // #1201 — recency-ordered candidate cap (see searchCandidateCap). A bare
+        // LIMIT truncated by rowid, hiding recent non-code-map namespaces from a
+        // no-namespace search.
         const entries = db.exec(`
       SELECT id, key, namespace, content, metadata, embedding
       FROM memory_entries
       WHERE status = 'active'
         ${namespace !== 'all' ? `AND namespace = '${namespace.replace(/'/g, "''")}'` : ''}
-      LIMIT 1000
+      ORDER BY created_at DESC
+      LIMIT ${searchCandidateCap()}
     `);
         const results = [];
         if (entries[0]?.values) {

package/dist/src/cli/services/hook-block-hash.js

@@ -37,6 +37,12 @@ const scriptHook = (file, timeout) => ({
     command: `node "${SCRIPTS_PREFIX}/${file}"`,
     timeout,
 });
+/** Build a `node "<scripts/file>" <subcommand>` hook entry. */
+const scriptHookSub = (file, sub, timeout) => ({
+    type: 'command',
+    command: `node "${SCRIPTS_PREFIX}/${file}"${sub ? ` ${sub}` : ''}`,
+    timeout,
+});
 const gateHook = (sub, timeout) => helperHook('gate-hook.mjs', sub, timeout);
 const gateCjs = (sub, timeout) => helperHook('gate.cjs', sub, timeout);
 const handler = (sub, timeout) => helperHook('hook-handler.cjs', sub, timeout);
@@ -97,6 +103,8 @@ export function getReferenceHookBlock() {
             { hooks: [helperHook('prompt-hook.mjs', '', 3000)] },
             // #931 — Defensive safety-net hook. State reset only, no emission.
             { hooks: [gateHook('prompt-state-reset', 3000)] },
+            // #1198 — auto-meditate capture (detect). Default-ON (opt-out in-script).
+            { hooks: [scriptHookSub('meditate-capture.mjs', 'meditate-detect', 3000)] },
         ],
         SubagentStart: [
             { hooks: [helperHook('subagent-start.cjs', '', 2000)] },
@@ -107,7 +115,7 @@ export function getReferenceHookBlock() {
             },
         ],
         Stop: [
-            { hooks: [handler('session-end', 5000), autoMemory('sync', 10000)] },
+            { hooks: [handler('session-end', 5000), autoMemory('sync', 10000), scriptHookSub('session-continuity.mjs', 'capture', 5000), scriptHookSub('meditate-capture.mjs', 'meditate-scrape', 5000)] },
         ],
         PreCompact: [
             { hooks: [gateCjs('compact-guidance', 3000)] },

package/dist/src/cli/services/hook-wiring.js

@@ -37,6 +37,19 @@ export const REQUIRED_HOOK_WIRING = [
     // the duplicate `prompt-reminder` wiring that was emitting the TaskCreate
     // REMINDER twice per prompt (#931).
     { event: 'UserPromptSubmit', pattern: 'prompt-state-reset' },
+    // #1185 — passive session-continuity capture on the Stop hook. Self-heals
+    // into existing consumers on upgrade so the feature reaches everyone, not
+    // just fresh `flo init`. Capture is default-on (silent); injection is
+    // relevance-gated at session-start.
+    { event: 'Stop', pattern: 'session-continuity.mjs' },
+    // #1198 — auto-meditate capture (default-ON; opt out via
+    // auto_meditate.enabled: false). `meditate-detect` (UserPromptSubmit) injects the
+    // answer-first directive on a strong signal; `meditate-scrape` (Stop) harvests
+    // <meditate-capture> tags into the ledger. Both share meditate-capture.mjs, so
+    // the unique subcommand token (not the shared filename) is the presence
+    // discriminator — same convention as gate-hook subcommands like record-test-run.
+    { event: 'UserPromptSubmit', pattern: 'meditate-detect' },
+    { event: 'Stop', pattern: 'meditate-scrape' },
 ];
 /**
  * Map gate pattern → hook entry to add when missing from settings.json.
@@ -78,6 +91,15 @@ export const HOOK_ENTRY_MAP = {
     // Defensive safety-net — runs gate.cjs `prompt-state-reset` if prompt-hook.mjs
     // throws before completing the per-prompt state reset. State-only, no emission.
     'prompt-state-reset': { event: 'UserPromptSubmit', matcher: '', hook: { type: 'command', command: 'node "$CLAUDE_PROJECT_DIR/.claude/helpers/gate-hook.mjs" prompt-state-reset', timeout: 3000 } },
+    // #1185 — passive session-continuity capture (Stop hook). Bare block (no
+    // matcher), like the UserPromptSubmit entries; Claude Code fires every Stop
+    // block, so a separate block alongside session-end/sync is fine.
+    'session-continuity.mjs': { event: 'Stop', matcher: '', hook: { type: 'command', command: 'node "$CLAUDE_PROJECT_DIR/.claude/scripts/session-continuity.mjs" capture', timeout: 5000 } },
+    // #1198 — auto-meditate capture. Default-ON (the script no-ops only when
+    // auto_meditate.enabled is false). Bare blocks (no matcher), like the other
+    // UserPromptSubmit/Stop entries.
+    'meditate-detect': { event: 'UserPromptSubmit', matcher: '', hook: { type: 'command', command: 'node "$CLAUDE_PROJECT_DIR/.claude/scripts/meditate-capture.mjs" meditate-detect', timeout: 3000 } },
+    'meditate-scrape': { event: 'Stop', matcher: '', hook: { type: 'command', command: 'node "$CLAUDE_PROJECT_DIR/.claude/scripts/meditate-capture.mjs" meditate-scrape', timeout: 5000 } },
 };
 /**
  * Inspect a parsed settings.json object for missing required hook wirings
@@ -156,6 +178,22 @@ export const HOOK_REWRITE_RULES = [
         from: 'node "$CLAUDE_PROJECT_DIR/.claude/helpers/gate.cjs" check-before-agent',
         to: 'node "$CLAUDE_PROJECT_DIR/.claude/helpers/gate-hook.mjs" check-before-agent',
     },
+    // Auto-meditate rebrand — the auto-reflect capture script + subcommands were
+    // renamed (reflect-capture.mjs → meditate-capture.mjs; reflect-detect/scrape →
+    // meditate-detect/scrape). Existing consumers self-heal here: the stale hook
+    // command is rewritten in place on session-start, so no dead hook is left
+    // pointing at the pruned reflect-capture.mjs. Idempotent (a command already at
+    // `to` won't match `from`).
+    {
+        name: 'auto-meditate rebrand: reflect-capture detect → meditate-capture detect',
+        from: 'node "$CLAUDE_PROJECT_DIR/.claude/scripts/reflect-capture.mjs" reflect-detect',
+        to: 'node "$CLAUDE_PROJECT_DIR/.claude/scripts/meditate-capture.mjs" meditate-detect',
+    },
+    {
+        name: 'auto-meditate rebrand: reflect-capture scrape → meditate-capture scrape',
+        from: 'node "$CLAUDE_PROJECT_DIR/.claude/scripts/reflect-capture.mjs" reflect-scrape',
+        to: 'node "$CLAUDE_PROJECT_DIR/.claude/scripts/meditate-capture.mjs" meditate-scrape',
+    },
 ];
 export const MATCHER_REWRITE_RULES = [
     // Issue #929 — Claude Code anchors hook matchers (`^…$` semantics), so a

package/dist/src/cli/transfer/anonymization/index.js

@@ -1,34 +1,102 @@
 /**
  * Anonymization Pipeline
- * PII detection and redaction for pattern export
+ * PII detection and redaction before a CFP is shared **externally**.
+ *
+ * ── Secret-pattern sourcing (#1193) ─────────────────────────────────────────
+ * The secret/credential *detection shapes* (Anthropic/OpenAI `sk-`/`sk-ant-`
+ * keys, GitHub `ghp_`/`github_pat_`, AWS `AKIA…`, Slack `xox…`, Google `AIza…`,
+ * JWTs, PEM private-key blocks, bearer / url / assigned secrets) are
+ * SINGLE-SOURCED from the session-continuity scrubber `bin/lib/pii-scrub.mjs`
+ * (its exported `SECRET_PATTERNS` + `scrubSecrets`).
+ *
+ * Before #1193 this module carried its own narrow `apiKey` regex
+ * (`/\b(sk-|pk-|api[_-]?key[_-]?)[a-zA-Z0-9]{20,}\b/gi`). For `sk-ant-api03-…`
+ * the hyphen after `sk-ant` broke the `[a-zA-Z0-9]{20,}` run, so a *live*
+ * Anthropic key — plus GitHub/AWS/Slack tokens — survived anonymization and
+ * could leak in a CFP published externally. Rather than re-type the broader
+ * shapes here (which would drift from the scrubber), we load the canonical set.
+ *
+ * The two modules keep DIFFERENT threat models, so only the SECRET shapes are
+ * shared, not the policies:
+ *   - `pii-scrub.mjs` protects the user's OWN local disk → deliberately KEEPS
+ *     benign context (file paths, IPs) and only nukes literal secrets.
+ *   - this module pseudonymises for EXTERNAL publication → additionally strips
+ *     emails / phones / IPs / home paths. Those non-secret PII patterns and
+ *     their replacement policy stay defined locally below.
+ *
+ * ── Cross-boundary loading (CLAUDE.md Rule #1 + dogfooding) ──────────────────
+ * `bin/lib/pii-scrub.mjs` lives outside this module's TypeScript compile unit.
+ * A static `../../../../bin/lib/pii-scrub.mjs` import is the banned depth-mismatch
+ * anti-pattern (the path differs between `src/cli/**` and `dist/src/cli/**`), so
+ * the scrubber is reached the sanctioned way: `locateMofloRootPath()` (the
+ * shared moflo-package anchor, which also existence-checks) + `pathToFileURL()`
+ * + dynamic `import()`. `pathToFileURL` is what makes the ESM
+ * `import()` work on Windows; the join is platform-agnostic. That dynamic load
+ * is why `detectPII` / `redactPII` / `anonymizeCFP` / `scanCFPForPII` are async.
+ *
+ * The loader is fail-CLOSED: if the scrubber can't be resolved we throw rather
+ * than silently export un-redacted content — a credential leak is the worse
+ * outcome for an external-share path.
  */
 import * as crypto from 'crypto';
+import { join } from 'path';
+import { pathToFileURL } from 'url';
+import { locateMofloRootPath } from '../../services/moflo-require.js';
 /**
- * PII detection patterns
+ * Non-secret PII detection patterns owned by THIS module's external-share
+ * policy. Secret shapes are NOT here — they come from `bin/lib/pii-scrub.mjs`
+ * (see file header) so they only have to be maintained in one place.
  */
 const PII_PATTERNS = {
     email: /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b/g,
     phone: /\b(\+?\d{1,3}[-.\s]?)?\(?\d{3}\)?[-.\s]?\d{3}[-.\s]?\d{4}\b/g,
     ipv4: /\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b/g,
     ipv6: /\b(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}\b/g,
-    apiKey: /\b(sk-|pk-|api[_-]?key[_-]?)[a-zA-Z0-9]{20,}\b/gi,
-    jwt: /\beyJ[a-zA-Z0-9_-]*\.eyJ[a-zA-Z0-9_-]*\.[a-zA-Z0-9_-]*\b/g,
     homePath: /\/(Users|home|Documents)\/[a-zA-Z0-9_.-]+/g,
     windowsPath: /[A-Z]:\\Users\\[a-zA-Z0-9_.-]+/g,
 };
 /**
- * Redaction replacements
+ * Replacement policy for the local non-secret PII patterns above. Secret
+ * replacements are applied by `scrubSecrets` from the shared module.
  */
 const REDACTIONS = {
     email: (match) => `user_${hash(match).slice(0, 8)}@example.com`,
     phone: '[REDACTED_PHONE]',
     ipv4: '0.0.0.0',
     ipv6: '::1',
-    apiKey: '[REDACTED_API_KEY]',
-    jwt: '[REDACTED_JWT]',
     homePath: '/user/anonymous',
     windowsPath: 'C:\\Users\\anonymous',
 };
+/**
+ * Lazily import the shared scrubber once per process and cache the promise.
+ * Fail-closed: a missing/garbled scrubber throws so the export aborts instead
+ * of shipping un-redacted credentials.
+ */
+let piiScrubPromise = null;
+function loadPiiScrub() {
+    if (!piiScrubPromise) {
+        piiScrubPromise = (async () => {
+            const scrubPath = locateMofloRootPath(join('bin', 'lib', 'pii-scrub.mjs'));
+            if (!scrubPath) {
+                throw new Error('[anonymization] bin/lib/pii-scrub.mjs not found under the moflo package root — ' +
+                    'refusing to anonymize without the shared secret scrubber (would risk leaking ' +
+                    'credentials in an external share).');
+            }
+            const mod = (await import(pathToFileURL(scrubPath).href));
+            if (!Array.isArray(mod.SECRET_PATTERNS) || typeof mod.scrubSecrets !== 'function') {
+                throw new Error('[anonymization] bin/lib/pii-scrub.mjs is missing SECRET_PATTERNS/scrubSecrets — broken moflo install.');
+            }
+            return mod;
+        })().catch((err) => {
+            // Never cache a rejected promise — a transient/early failure must not
+            // poison every later anonymize call. Clear the singleton so a subsequent
+            // call re-attempts the load (still fail-closed: it re-throws here).
+            piiScrubPromise = null;
+            throw err;
+        });
+    }
+    return piiScrubPromise;
+}
 /**
  * Hash a string for consistent pseudonymization
  */
@@ -36,41 +104,51 @@ function hash(input) {
     return crypto.createHash('sha256').update(input).digest('hex');
 }
 /**
- * Detect PII in a string
+ * Detect PII in a string. Combines the shared secret shapes (always `critical`)
+ * with this module's local non-secret PII patterns.
  */
-export function detectPII(content) {
+export async function detectPII(content) {
     const result = {
         found: false,
         count: 0,
         types: {},
         locations: [],
     };
-    for (const [type, pattern] of Object.entries(PII_PATTERNS)) {
+    const record = (type, pattern, severity) => {
+        // Reset lastIndex defensively — these regexes are module-shared and carry
+        // /g, so a prior .test()/.exec() elsewhere must not leak state.
+        pattern.lastIndex = 0;
         const matches = content.match(pattern);
-        if (matches) {
-            result.found = true;
-            result.count += matches.length;
-            result.types[type] = matches.length;
-            for (const match of matches.slice(0, 5)) { // Limit to first 5 samples
-                result.locations.push({
-                    type,
-                    path: 'content',
-                    sample: match.slice(0, 20) + (match.length > 20 ? '...' : ''),
-                    severity: getSeverity(type),
-                });
-            }
+        if (!matches)
+            return;
+        result.found = true;
+        result.count += matches.length;
+        result.types[type] = (result.types[type] ?? 0) + matches.length;
+        for (const match of matches.slice(0, 5)) {
+            // Limit to first 5 samples
+            result.locations.push({
+                type,
+                path: 'content',
+                sample: match.slice(0, 20) + (match.length > 20 ? '...' : ''),
+                severity,
+            });
         }
+    };
+    const { SECRET_PATTERNS } = await loadPiiScrub();
+    for (const { name, pattern } of SECRET_PATTERNS) {
+        record(name, pattern, 'critical');
+    }
+    for (const [type, pattern] of Object.entries(PII_PATTERNS)) {
+        record(type, pattern, getSeverity(type));
     }
     return result;
 }
 /**
- * Get severity for PII type
+ * Get severity for a local (non-secret) PII type. Secret shapes are always
+ * reported as `critical` by `detectPII`, so they never reach this helper.
  */
 function getSeverity(type) {
     switch (type) {
-        case 'apiKey':
-        case 'jwt':
-            return 'critical';
         case 'email':
         case 'phone':
             return 'high';
@@ -82,25 +160,30 @@ function getSeverity(type) {
     }
 }
 /**
- * Redact PII from a string
+ * Redact PII from a string. Secrets are removed first via the shared scrubber
+ * (broad vendor-token coverage), then this module's external-share PII policy
+ * pseudonymises emails / phones / IPs / home paths.
  */
-export function redactPII(content) {
-    let result = content;
+export async function redactPII(content) {
+    const { scrubSecrets } = await loadPiiScrub();
+    let result = scrubSecrets(content);
     for (const [type, pattern] of Object.entries(PII_PATTERNS)) {
+        pattern.lastIndex = 0;
         const replacement = REDACTIONS[type];
-        if (typeof replacement === 'function') {
-            result = result.replace(pattern, replacement);
-        }
-        else {
-            result = result.replace(pattern, replacement);
-        }
+        // Narrow the union for `String.replace`'s overloads: email is a function
+        // replacer, the rest are literal strings. A blanket `as string` cast would
+        // mis-describe (and risk silently breaking) the function case.
+        result =
+            typeof replacement === 'function'
+                ? result.replace(pattern, replacement)
+                : result.replace(pattern, replacement);
     }
     return result;
 }
 /**
  * Apply anonymization to CFP document
  */
-export function anonymizeCFP(cfp, level) {
+export async function anonymizeCFP(cfp, level) {
     const transforms = [];
     const anonymized = JSON.parse(JSON.stringify(cfp));
     // Level: Minimal
@@ -113,10 +196,24 @@ export function anonymizeCFP(cfp, level) {
     }
     // Level: Standard
     if (['standard', 'strict', 'paranoid'].includes(level)) {
-        // Redact PII from all string fields
+        // Redact secrets/PII from the patterns body...
         const jsonStr = JSON.stringify(anonymized.patterns);
-        const redacted = redactPII(jsonStr);
+        const redacted = await redactPII(jsonStr);
         anonymized.patterns = JSON.parse(redacted);
+        // ...and from free-text metadata (name / description / tags), which is the
+        // SAME external-share leak vector (#1193): a secret pasted into a CFP's
+        // description or a tag would otherwise survive at every level. The rest of
+        // metadata is structured (ids, timestamps, license); author displayName was
+        // already dropped at the minimal level above.
+        if (anonymized.metadata.name) {
+            anonymized.metadata.name = await redactPII(anonymized.metadata.name);
+        }
+        if (anonymized.metadata.description) {
+            anonymized.metadata.description = await redactPII(anonymized.metadata.description);
+        }
+        if (Array.isArray(anonymized.metadata.tags) && anonymized.metadata.tags.length > 0) {
+            anonymized.metadata.tags = await Promise.all(anonymized.metadata.tags.map((tag) => redactPII(tag)));
+        }
         transforms.push('pii-redacted');
         // Generalize timestamps
         anonymized.anonymization.timestampsGeneralized = true;
@@ -168,8 +265,17 @@ export function anonymizeCFP(cfp, level) {
 /**
  * Scan CFP for PII without modification
  */
-export function scanCFPForPII(cfp) {
-    const content = JSON.stringify(cfp.patterns);
+export async function scanCFPForPII(cfp) {
+    // Scan the same surface anonymizeCFP redacts: the patterns body plus the
+    // free-text metadata fields (name / description / tags) — so the scan can't
+    // report "clean" on a CFP whose description carries a secret (#1193).
+    const meta = cfp.metadata;
+    const content = JSON.stringify({
+        patterns: cfp.patterns,
+        name: meta?.name,
+        description: meta?.description,
+        tags: meta?.tags,
+    });
     return detectPII(content);
 }
 //# sourceMappingURL=index.js.map

package/dist/src/cli/transfer/deploy-seraphine.js

@@ -136,7 +136,7 @@ async function deploy() {
     }
     // Step 3: Scan for PII
     console.log('🔍 Scanning for PII...');
-    const piiScan = scanCFPForPII(genesis);
+    const piiScan = await scanCFPForPII(genesis);
     if (piiScan.found) {
         console.log(`   Found ${piiScan.count} PII items:`);
         for (const [type, count] of Object.entries(piiScan.types)) {

package/dist/src/cli/transfer/export.js

@@ -13,12 +13,12 @@ import { uploadToIPFS } from './ipfs/upload.js';
 export async function exportPatterns(cfp, options = {}) {
     const { output, format = 'json', anonymize = 'standard', redactPii = true, stripPaths = false, toIpfs = false, pin = true, gateway = 'https://w3s.link', } = options;
     // Step 1: Scan for PII
-    const piiScan = scanCFPForPII(cfp);
+    const piiScan = await scanCFPForPII(cfp);
     if (piiScan.found && redactPii) {
         console.log(`Found ${piiScan.count} PII items, will be redacted`);
     }
     // Step 2: Apply anonymization
-    const { cfp: anonymizedCfp, transforms } = anonymizeCFP(cfp, anonymize);
+    const { cfp: anonymizedCfp, transforms } = await anonymizeCFP(cfp, anonymize);
     console.log(`Applied ${transforms.length} anonymization transforms: ${transforms.join(', ')}`);
     // Step 3: Serialize
     const serialized = format === 'json'

package/dist/src/cli/transfer/store/publish.js

@@ -23,7 +23,7 @@ export class PatternPublisher {
         console.log(`[Publish] Starting publish: ${options.name}`);
         try {
             // Step 1: Anonymize if needed
-            const anonymized = anonymizeCFP(cfp, options.anonymize);
+            const anonymized = await anonymizeCFP(cfp, options.anonymize);
             console.log(`[Publish] Anonymization level: ${options.anonymize}`);
             // Step 2: Serialize content
             const content = JSON.stringify(anonymized, null, 2);

package/dist/src/cli/version.js

@@ -2,5 +2,5 @@
  * Auto-generated by build. Do not edit manually.
  * Source of truth: root package.json → scripts/sync-version.mjs
  */
-export const VERSION = '4.10.20';
+export const VERSION = '4.10.21';
 //# sourceMappingURL=version.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "moflo",
-  "version": "4.10.20",
+  "version": "4.10.21",
   "description": "MoFlo — AI agent orchestration for Claude Code. A standalone, opinionated toolkit with semantic memory, learned routing, gates, spells, and the /flo issue-execution skill.",
   "main": "dist/src/cli/index.js",
   "type": "module",
@@ -95,7 +95,7 @@
     "@typescript-eslint/eslint-plugin": "^7.18.0",
     "@typescript-eslint/parser": "^7.18.0",
     "eslint": "^8.0.0",
-    "moflo": "^4.10.19",
+    "moflo": "^4.10.21-rc.1",
     "tsx": "^4.21.0",
     "typescript": "^5.9.3",
     "vitest": "^4.0.0"

package/scripts/post-install-bootstrap.mjs

@@ -24,10 +24,9 @@
  *
  *   The bootstrap only has to do enough to break the deadlock.
  *
- * The lists below MUST stay aligned with bin/session-start-launcher.mjs
- * section 3 (the launcher's own sync). A unit test asserts list parity
- * (mcp-tools-drift-guard pattern). See SCRIPT_FILES / BIN_HELPER_FILES /
- * SOURCE_HELPER_FILES exports.
+ * The script + helper lists are read at runtime from the canonical manifest
+ * bin/lib/shipped-scripts.json (#1191) — the SAME source the launcher §3 reads —
+ * so the npm-install path and the session-start path can no longer drift.
  *
  * Failure posture:
  *   - Surface per-file failures on stderr with `flo doctor --fix` advice
@@ -47,46 +46,16 @@ import {
 import { dirname, join, resolve } from 'node:path';
 import { fileURLToPath, pathToFileURL } from 'node:url';
 import { errMessage, makeSyncer } from '../bin/lib/file-sync.mjs';
+import { loadShippedScripts } from '../bin/lib/shipped-scripts.mjs';
 
 const SCRIPT_PATH = fileURLToPath(import.meta.url);
 const MOFLO_ROOT = resolve(dirname(SCRIPT_PATH), '..');
 
-// ── Sync lists — keep in lockstep with bin/session-start-launcher.mjs §3 ─────
+// ── Sync lists ───────────────────────────────────────────────────────────────
 //
-// Drift guard: tests/unit/post-install-bootstrap-drift.test.ts asserts these
-// arrays match the launcher's section-3 sync lists by parsing both files.
-
-export const SCRIPT_FILES = [
-  'hooks.mjs',
-  'session-start-launcher.mjs',
-  'index-guidance.mjs',
-  'build-embeddings.mjs',
-  'generate-code-map.mjs',
-  'semantic-search.mjs',
-  'index-tests.mjs',
-  'index-patterns.mjs',
-  'index-all.mjs',
-  'setup-project.mjs',
-  'run-migrations.mjs',
-];
-
-export const BIN_HELPER_FILES = [
-  'gate.cjs',
-  'gate-hook.mjs',
-  'prompt-hook.mjs',
-  'hook-handler.cjs',
-  'simplify-classify.cjs',
-];
-
-export const SOURCE_HELPER_FILES = [
-  'auto-memory-hook.mjs',
-  'statusline.cjs',
-  'intelligence.cjs',
-  'subagent-start.cjs',
-  'subagent-bootstrap.json',
-  'pre-commit',
-  'post-commit',
-];
+// The script + helper lists are read at runtime from the canonical manifest
+// bin/lib/shipped-scripts.json (#1191) — the SAME source the launcher §3 reads —
+// so the npm-install path and the session-start path can no longer drift.
 
 // ── Retry + atomic copy + circuit breaker (#854 / #975) ─────────────────────
 //
@@ -148,13 +117,24 @@ export async function runBootstrap({
     return { ran: false, reason: 'no-bin-dir' };
   }
 
+  // Canonical sync lists (#1191) — read from the freshly-installed package's
+  // bin/lib so the bootstrap and the launcher §3 can't drift. A broken manifest
+  // aborts gracefully (postinstall must never throw / block npm install).
+  let scriptFiles, binHelperFiles, sourceHelperFiles;
+  try {
+    ({ scriptFiles, binHelperFiles, sourceHelperFiles } = loadShippedScripts(resolve(binDir, 'lib')));
+  } catch (err) {
+    log(`bootstrap: shipped-scripts manifest unreadable (${errMessage(err)}) — skipping`);
+    return { ran: false, reason: 'no-manifest' };
+  }
+
   const { syncFile, failures } = makeSyncer();
   let synced = 0;
 
   // 1. Top-level scripts → .claude/scripts/
   const scriptsDir = resolve(claudeDir, 'scripts');
   if (!existsSync(scriptsDir)) mkdirSync(scriptsDir, { recursive: true });
-  for (const file of SCRIPT_FILES) {
+  for (const file of scriptFiles) {
     const result = await syncFile(
       resolve(binDir, file),
       resolve(scriptsDir, file),
@@ -210,7 +190,7 @@ export async function runBootstrap({
   // 4. bin/ helpers → .claude/helpers/
   const helpersDir = resolve(claudeDir, 'helpers');
   if (!existsSync(helpersDir)) mkdirSync(helpersDir, { recursive: true });
-  for (const file of BIN_HELPER_FILES) {
+  for (const file of binHelperFiles) {
     const result = await syncFile(
       resolve(binDir, file),
       resolve(helpersDir, file),
@@ -223,7 +203,7 @@ export async function runBootstrap({
   // (these never lived in bin/ — they're shipped via .claude/helpers/** in files[])
   const sourceHelpersDir = resolve(mofloRoot, '.claude/helpers');
   if (existsSync(sourceHelpersDir)) {
-    for (const file of SOURCE_HELPER_FILES) {
+    for (const file of sourceHelperFiles) {
       const src = resolve(sourceHelpersDir, file);
       if (!existsSync(src)) continue;
       const result = await syncFile(src, resolve(helpersDir, file), `.claude/helpers/${file}`);

package/dist/src/cli/hooks/llm/index.js

@@ -1,11 +0,0 @@
-/**
- * V3 LLM Hooks Module
- *
- * Exports LLM-specific hooks for request caching,
- * optimization, cost tracking, and pattern learning.
- *
- * @module moflo/cli/hooks/llm
- */
-export * from './llm-hooks.js';
-export { llmHooks as default } from './llm-hooks.js';
-//# sourceMappingURL=index.js.map