moflo 4.10.27 → 4.10.28

package/.claude/skills/publish/SKILL.md

@@ -229,9 +229,15 @@ Confirm the published version matches what we just built.
 
 ```bash
 npm install moflo@<new-version> --save-dev
+npm install --package-lock-only --force
+npm ci --dry-run --legacy-peer-deps
 ```
 
-This updates `package.json` and `package-lock.json` to use the newly published version as a devDependency.
+The first command updates `package.json` and `package-lock.json` to use the newly published version as a devDependency.
+
+The second command (`--package-lock-only --force`) backfills cross-platform optional-dependency entries that npm omits from the lockfile when `npm install` runs on a single host platform. Without it, transitive optional deps like the nested `@rolldown/binding-wasm32-wasi/node_modules/@emnapi/*` entries get dropped when publishing from Windows, and the resulting lockfile fails `npm ci` on Ubuntu/macOS CI legs. This produced the green-`release-smoke` → red-`ci.yml` divergence in run `26487580745` (moflo@4.10.27 install commit).
+
+The final `npm ci --dry-run --legacy-peer-deps` proves the resulting lockfile is in sync with `package.json` before we commit it. If this exits non-zero, stop and investigate — do not commit a broken lockfile.
 
 ### Step 13: Final Commit
 

package/dist/src/cli/commands/doctor-checks-config.js

@@ -673,6 +673,58 @@ export async function checkMofloYamlCompliance(cwd = process.cwd()) {
         fix: 'Restart Claude Code (yaml-upgrader auto-appends) or `npx moflo init --force`',
     };
 }
+/**
+ * #1229 — standing tripwire for a silently-disabled memory_first gate.
+ *
+ * `gates.memory_first` is the only enforcement of the memory-search-first
+ * protocol. When it is `false` in moflo.yaml the protocol is off repo-wide
+ * with no per-prompt signal — and because the disabled gate is itself what
+ * surfaces the stored "never disable memory_first" learning, the situation
+ * self-conceals. Historically a daemon-spawned headless analysis worker could
+ * write this value unprompted to unblock itself (the `optimize` worker editing
+ * `moflo.yaml` to `memory_first: false  # Temporarily disabled for performance
+ * analysis`); that root cause is fixed by making those workers read-only, but
+ * this check is the loud, standing detector so the state never goes unnoticed
+ * again — whatever writes it (worker, agent, or a deliberate consumer edit).
+ *
+ * Warn rather than fail: disabling the gate is a legitimate (if rare) choice;
+ * the point is that it can never be silent. Matches only an *active* (un-
+ * commented) `memory_first: false` line and is EOL-agnostic so it behaves
+ * identically on CRLF (Windows) and LF (POSIX) checkouts.
+ *
+ * Exported with a cwd param so tests can target a temp root without touching
+ * process.cwd().
+ */
+export async function checkMemoryFirstGate(cwd = process.cwd()) {
+    const yamlPath = join(cwd, 'moflo.yaml');
+    // Absence is covered by checkMofloYamlCompliance; with no file the gate
+    // defaults to enabled, so there is nothing to warn about here.
+    if (!existsSync(yamlPath)) {
+        return { name: 'Memory-First Gate', status: 'pass', message: 'Enabled (default — no moflo.yaml override)' };
+    }
+    let content;
+    try {
+        content = readFileSync(yamlPath, 'utf-8');
+    }
+    catch (e) {
+        return { name: 'Memory-First Gate', status: 'warn', message: `Unable to read moflo.yaml: ${errorDetail(e)}` };
+    }
+    // Active value only: a line whose first non-whitespace token is
+    // `memory_first: false`. A commented `# memory_first: false` is ignored
+    // because the leading `#` defeats the `^\s*memory_first` anchor.
+    const disabled = content
+        .split(/\r?\n/)
+        .some((line) => /^\s*memory_first:\s*false\b/i.test(line));
+    if (disabled) {
+        return {
+            name: 'Memory-First Gate',
+            status: 'warn',
+            message: 'DISABLED in moflo.yaml — memory-search-first protocol is off repo-wide and silent per-prompt',
+            fix: 'Restore `gates.memory_first: true` (e.g. `git checkout -- moflo.yaml`) unless you disabled it deliberately',
+        };
+    }
+    return { name: 'Memory-First Gate', status: 'pass', message: 'Enabled' };
+}
 /**
  * #981 / #987 — surfaces the single-writer-architecture safety net.
  *

package/dist/src/cli/commands/doctor-registry.js

@@ -12,7 +12,7 @@ import { checkWritersAudit } from './doctor-checks-writers-audit.js';
 import { checkSwarmFunctional, checkHiveMindFunctional, } from './doctor-checks-swarm.js';
 import { checkMemoryAccessFunctional } from './doctor-checks-memory-access.js';
 import { checkBuildTools, checkClaudeCode, checkDiskSpace, checkGit, checkGitRepo, checkNodeVersion, checkNpmVersion, } from './doctor-checks-runtime.js';
-import { checkConfigFile, checkDaemonIdentity, checkDaemonOrphan, checkDaemonStatus, checkDaemonWriteRouting, checkMcpServers, checkMemoryDatabase, checkMemoryDbIntegrity, checkMofloYamlCompliance, checkNestedMofloIslands, checkStatusLine, checkSwarmResidue, checkTestDirs, } from './doctor-checks-config.js';
+import { checkConfigFile, checkDaemonIdentity, checkDaemonOrphan, checkDaemonStatus, checkDaemonWriteRouting, checkMcpServers, checkMemoryDatabase, checkMemoryDbIntegrity, checkMemoryFirstGate, checkMofloYamlCompliance, checkNestedMofloIslands, checkStatusLine, checkSwarmResidue, checkTestDirs, } from './doctor-checks-config.js';
 import { checkSpellEngine, checkSandboxTier } from './doctor-checks-platform.js';
 import { checkEmbeddings, checkSemanticQuality, } from './doctor-checks-memory.js';
 import { checkIntelligence } from './doctor-checks-intelligence.js';
@@ -34,6 +34,8 @@ export const allChecks = [
     checkGitRepo,
     checkConfigFile,
     checkMofloYamlCompliance,
+    // #1229 — loud tripwire for a silently-disabled memory_first gate.
+    checkMemoryFirstGate,
     checkStatusLine,
     checkDaemonStatus,
     checkDaemonVersionSkew,
@@ -97,6 +99,8 @@ export const componentMap = {
     'config': checkConfigFile,
     'yaml': checkMofloYamlCompliance,
     'moflo-yaml': checkMofloYamlCompliance,
+    'memory-first': checkMemoryFirstGate,
+    'memory-gate': checkMemoryFirstGate,
     'statusline': checkStatusLine,
     'status-line': checkStatusLine,
     'daemon': checkDaemonStatus,

package/dist/src/cli/services/headless-worker-executor.js

@@ -46,6 +46,28 @@ const MODEL_IDS = {
     opus: 'claude-opus-4-6',
     haiku: 'claude-haiku-4-5-20251001',
 };
+/**
+ * Tool allowlist for every headless worker. These workers are READ-ONLY by
+ * design: they analyse the codebase and produce a report. Moflo persists their
+ * stdout to `.moflo/reports/<type>.<ext>` itself (see `executeInternal`), so
+ * they never need write capability to deliver their output.
+ *
+ * Restricting tools here is a GATE-INTEGRITY guarantee, not a tidy-up. The
+ * spawn previously ran `claude --print <prompt>` with no tool restriction, so
+ * a daemon-spawned worker inherited the consumer's permissions and could edit
+ * any file in their tree. The `optimize` ("Performance optimization") worker
+ * is `enabled: true` by default and runs unattended; given write access and a
+ * "analyze this codebase for performance optimizations" prompt, it reasons its
+ * way into editing `moflo.yaml` to `memory_first: false`
+ * (`# Temporarily disabled for performance analysis`) to unblock its own
+ * non-memory-first tool calls against the gate — silently disabling the
+ * memory-first protocol repo-wide and dirtying the working tree every run.
+ * Worse, the gate it disables is what surfaces the "never disable memory_first"
+ * learning, so the loop self-conceals. A read-only allowlist makes that edit
+ * physically impossible while leaving full analysis capability (Read/Glob/Grep)
+ * intact. See issue #1229.
+ */
+const HEADLESS_WORKER_ALLOWED_TOOLS = 'Read,Glob,Grep';
 /**
  * Default headless worker configurations based on ADR-020 (the
  * `audit`/`document`/`predict` entries from the original ADR were dropped
@@ -811,7 +833,7 @@ export class HeadlessWorkerExecutor extends EventEmitter {
     buildPrompt(template, context, reportPath) {
         const ioInstructions = `## Output
 
-Save the full report to \`${reportPath}\` using the Write tool. Overwrite any prior content at that path. DO NOT create any other files anywhere in the project; if you need to suggest test skeletons or code samples, include them inline in the report as fenced code blocks. Moflo persists the same output to that path after you finish, so the location is authoritative.`;
+Save the full report to \`${reportPath}\` by emitting it as your response — moflo writes your output to that path after you finish, so that location is authoritative. You are a READ-ONLY analysis worker and have no write tools: do not attempt to create or modify any file in the project, and in particular never edit \`moflo.yaml\`, anything under \`.claude/\`, or any gate/config (the memory-first gate stays on — comply with it, never disable it). Include any test skeletons or code samples inline in the report as fenced code blocks.`;
         if (!context) {
             return `${template}
 
@@ -845,8 +867,11 @@ ${ioInstructions}`;
             };
             // Set model
             env.ANTHROPIC_MODEL = MODEL_IDS[options.model];
-            // Spawn claude CLI process
-            const child = spawn('claude', ['--print', prompt], {
+            // Spawn claude CLI process. Keep `--print` first and the prompt second
+            // (callers/tests rely on argv[0]/argv[1]); the read-only allowlist is
+            // appended so these analysis workers cannot mutate the consumer's tree
+            // (e.g. disable a gate in moflo.yaml). See HEADLESS_WORKER_ALLOWED_TOOLS.
+            const child = spawn('claude', ['--print', prompt, '--allowedTools', HEADLESS_WORKER_ALLOWED_TOOLS], {
                 cwd: this.projectRoot,
                 env,
                 stdio: ['pipe', 'pipe', 'pipe'],

package/dist/src/cli/version.js

@@ -2,5 +2,5 @@
  * Auto-generated by build. Do not edit manually.
  * Source of truth: root package.json → scripts/sync-version.mjs
  */
-export const VERSION = '4.10.27';
+export const VERSION = '4.10.28';
 //# sourceMappingURL=version.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "moflo",
-  "version": "4.10.27",
+  "version": "4.10.28",
   "description": "MoFlo — AI agent orchestration for Claude Code. A standalone, opinionated toolkit with semantic memory, learned routing, gates, spells, and the /flo issue-execution skill.",
   "main": "dist/src/cli/index.js",
   "type": "module",
@@ -95,7 +95,7 @@
     "@typescript-eslint/eslint-plugin": "^7.18.0",
     "@typescript-eslint/parser": "^7.18.0",
     "eslint": "^8.0.0",
-    "moflo": "^4.10.26",
+    "moflo": "^4.10.27",
     "tsx": "^4.21.0",
     "typescript": "^5.9.3",
     "vitest": "^4.0.0"