moflo 4.10.3 → 4.10.5

package/.claude/guidance/shipped/moflo-core-guidance.md

@@ -6,6 +6,22 @@
 
 ---
 
+## Runtime Target: Claude Code Only
+
+**MoFlo targets Anthropic's Claude Code exclusively** — the CLI, IDE extensions (VS Code, JetBrains), and the web app at claude.ai/code. It is not a Claude Desktop integration and is never installed into Claude Desktop's config tree.
+
+| Tool | Status | Config paths moflo touches |
+|------|--------|----------------------------|
+| Claude Code (CLI, IDE extensions, web) | Sole supported target | `<project>/.mcp.json`, `<project>/.claude/settings.json`, `<project>/.moflo/`, `<project>/moflo.yaml` |
+| Claude Desktop (the macOS/Windows app) | **Out of scope — never** | None — moflo neither reads nor writes Claude Desktop config |
+| Other MCP-capable clients (Cline, Continue, etc.) | Unsupported, may incidentally work | None — bug reports require Claude Code reproduction |
+
+**Never** introduce a code path, search list, fixture, or doc that reads from or writes to `~/.claude/claude_desktop_config.json`, `~/Library/Application Support/Claude/`, or `%APPDATA%/Claude/`. Those are Claude **Desktop** paths. Including them in moflo's MCP-config search list caused issue #1126: a parseable Claude Desktop preferences file outranked a malformed project `.mcp.json`, masking the real failure and routing the auto-fixer down a no-op branch.
+
+The one ambiguous-looking path is Claude Code's user-level config at `~/.claude.json` (where `claude mcp add` writes). MoFlo doesn't author or rewrite that file either; the project-local `.mcp.json` written by `flo init` is the canonical surface moflo owns end-to-end.
+
+---
+
 ## Getting Started
 
 ### Installation

package/README.md

@@ -8,7 +8,7 @@
 
 ## TL;DR
 
-MoFlo makes your AI coding assistant remember what it learns, check what it knows before exploring files, and get smarter over time — all automatically. Install it, run `flo init`, restart your AI client, and everything just works: your docs and code are indexed on session start so the AI can search them instantly, gates prevent the AI from wasting tokens on blind exploration, task outcomes feed back into routing so it picks the right agent type next time, and context depletion warnings tell you when to start a fresh session. No configuration, no API keys, no cloud services — it all runs locally on your machine.
+MoFlo makes Claude Code remember what it learns, check what it knows before exploring files, and get smarter over time — all automatically. Install it, run `flo init`, restart Claude Code, and everything just works: your docs and code are indexed on session start so Claude can search them instantly, gates prevent Claude from wasting tokens on blind exploration, task outcomes feed back into routing so it picks the right agent type next time, and context depletion warnings tell you when to start a fresh session. No configuration, no API keys, no cloud services — it all runs locally on your machine.
 
 ## Quickstart
 
@@ -17,7 +17,7 @@ npm install --save-dev moflo
 flo init
 ```
 
-Restart Claude Code (or your MCP client). That's it — memory, indexing, gates, and routing are all active.
+Restart Claude Code. That's it — memory, indexing, gates, and routing are all active.
 
 Or — just ask Claude to install MoFlo into your project and initialize it!
 
@@ -44,7 +44,7 @@ MoFlo makes deliberate choices so you don't have to:
 - **Task registration before agents** — Sub-agents can't spawn until work is tracked. Prevents runaway agent proliferation.
 - **Learned routing** — Task outcomes feed back into the routing system automatically. No manual configuration needed — it gets smarter with use.
 - **Incremental indexing** — Guidance and code map indexes run on every session start but skip unchanged files. Fast after the first run.
-- **Built for Claude Code, works with others** — We develop and test exclusively with Claude Code. The MCP tools, memory system, and hooks are client-independent and should work with any MCP-capable AI client, but Claude Code is the only tested target.
+- **Claude Code is the only target** — MoFlo is built and shipped for Anthropic's Claude Code (CLI, IDE extensions, web). It is **not** a Claude Desktop integration: nothing reads from or writes to `~/.claude/claude_desktop_config.json` or `%APPDATA%/Claude/`, and adding paths there is always a bug. The MCP tools, memory system, and hooks could in principle work with any MCP-capable client, but Claude Code is the *only* surface we author for, test against, or accept bug reports on.
 - **GitHub-oriented** — The `/flo` skill, PR automation, and issue tracking are built around GitHub. With Claude's help, you can adapt them to your own issue tracker and source control system.
 - **Cross-platform** — Works identically on macOS, Linux, and Windows.
 
@@ -185,7 +185,7 @@ MoFlo automatically indexes three types of content on every session start, so yo
 
 ### How it works
 
-1. **Session start hook** — When your AI client starts a new session, MoFlo's `SessionStart` hook launches the indexers sequentially in a single background process. This runs silently — you can start working immediately.
+1. **Session start hook** — When Claude Code starts a new session, MoFlo's `SessionStart` hook launches the indexers sequentially in a single background process. This runs silently — you can start working immediately.
 2. **Incremental** — Each indexer tracks file modification times. Only files that changed since the last index run are re-processed. The first run on a large codebase may take a minute or two; subsequent runs typically finish in under a second.
 3. **Embedding generation** — Guidance chunks are embedded using MiniLM-L6-v2 (384 dimensions, WASM). These vectors are stored in the SQLite memory database and used for semantic search.
 4. **No blocking** — The indexers run in the background and don't block your session from starting. You can begin working immediately.
@@ -211,9 +211,9 @@ flo memory refresh           # Reindex everything + rebuild embeddings + vacuum
 
 ### Why this matters
 
-Without auto-indexing, your AI assistant starts every session with a blank slate — it doesn't know what documentation exists, where code lives, or what tests cover which files. It resorts to Glob/Grep exploration, which burns tokens and context window on rediscovery.
+Without auto-indexing, Claude Code starts every session with a blank slate — it doesn't know what documentation exists, where code lives, or what tests cover which files. It resorts to Glob/Grep exploration, which burns tokens and context window on rediscovery.
 
-With auto-indexing, the AI can search semantically ("how does auth work?") and get relevant documentation chunks ranked by similarity, or ask "where is the user model defined?" and get a direct answer from the code map — all without touching the filesystem.
+With auto-indexing, Claude can search semantically ("how does auth work?") and get relevant documentation chunks ranked by similarity, or ask "where is the user model defined?" and get a direct answer from the code map — all without touching the filesystem.
 
 ## The Gate System
 
@@ -261,7 +261,7 @@ You can also disable individual hooks in `.claude/settings.json` by removing the
 
 ## The `/flo` Skill
 
-Inside your AI client, the `/flo` (or `/fl`) slash command drives GitHub issue execution:
+Inside Claude Code, the `/flo` (or `/fl`) slash command drives GitHub issue execution:
 
 ```
 /flo <issue>                  # Full process (research → implement → test → PR)
@@ -272,7 +272,7 @@ Inside your AI client, the `/flo` (or `/fl`) slash command drives GitHub issue e
 /flo -n <issue>               # Normal mode (default, single agent, no swarm)
 ```
 
-For full options and details, type `/flo` with no arguments — your AI client will display the complete skill documentation. Also available as `/fl`.
+For full options and details, type `/flo` with no arguments — Claude Code will display the complete skill documentation. Also available as `/fl`.
 
 ### Epic handling
 
@@ -313,7 +313,7 @@ flo epic reset 42                          # Reset state for re-run
 
 ### What are spells?
 
-Spells are declarative YAML automations composed of pluggable step commands. They exist because shell scripts drift, ad-hoc prompts aren't reproducible, and CI/CD pipelines are the wrong tool for local automation. A spell is **deterministic** (same inputs → same steps), **reviewable** (a YAML file you read like a recipe), and **replayable** (re-cast it tomorrow and it behaves the same). Spells run from the CLI (`flo spell cast`), from an MCP tool call inside your AI client, or on a schedule.
+Spells are declarative YAML automations composed of pluggable step commands. They exist because shell scripts drift, ad-hoc prompts aren't reproducible, and CI/CD pipelines are the wrong tool for local automation. A spell is **deterministic** (same inputs → same steps), **reviewable** (a YAML file you read like a recipe), and **replayable** (re-cast it tomorrow and it behaves the same). Spells run from the CLI (`flo spell cast`), from an MCP tool call inside Claude Code, or on a schedule.
 
 ### How do they work?
 
@@ -425,7 +425,7 @@ For full configuration (`scheduler:` block in `moflo.yaml`), event types, and th
 
 ### Building spells with the `/spell-builder` skill
 
-Inside your AI client, use the `/spell-builder` skill to create, edit, and validate spell definitions interactively. The skill understands the full spell schema and available step commands, so you can describe what you want in natural language and it will generate the YAML:
+Inside Claude Code, use the `/spell-builder` skill to create, edit, and validate spell definitions interactively. The skill understands the full spell schema and available step commands, so you can describe what you want in natural language and it will generate the YAML:
 
 ```
 /spell-builder                           # Start the spell builder
@@ -507,7 +507,7 @@ flo diagnose --json              # JSON output for CI/automation
 
 #### `flo healer` — Health Check
 
-`flo healer` runs 28 parallel health checks against your environment and reports pass/warn/fail for each:
+`flo healer` runs 38 parallel health checks against your environment and reports pass/warn/fail for each:
 
 | Check | What it verifies |
 |-------|-----------------|
@@ -549,7 +549,8 @@ flo diagnose --json              # JSON output for CI/automation
 | Missing config file | Runs `config init` to generate defaults |
 | Status line not wired | Adds `statusLine` config block to `.claude/settings.json` |
 | Stale daemon lock | Removes stale `.moflo/daemon.lock` and restarts daemon |
-| MCP server not configured | Runs `claude mcp add moflo` to register the server |
+| Malformed `.mcp.json` (e.g. unescaped Windows paths) | Backs up the broken file as `.mcp.json.malformed-<ts>`, regenerates a clean one, verifies it parses (#1126) |
+| MCP server missing from a valid `.mcp.json` | Runs `claude mcp add moflo` to register the server |
 | Claude Code CLI missing | Installs `@anthropic-ai/claude-code` globally |
 | Zombie processes | Kills orphaned MoFlo processes (tracked + OS-level scan) |
 
@@ -658,7 +659,7 @@ These are the backend systems that hooks and commands interact with.
 | **EWC++ Consolidation** | Elastic Weight Consolidation that prevents catastrophic forgetting | New learning doesn't overwrite patterns from earlier sessions | Yes |
 | **Session Persistence** | Stop hook exports session metrics; SessionStart hook restores prior state | Patterns learned on Monday are available on Friday | Yes |
 | **Status Line** | Live dashboard showing git branch, session state, memory stats, MCP status | At-a-glance visibility into what MoFlo is doing | Yes |
-| **MCP Tool Server** | 100+ MCP tools for memory, hooks, coordination, spells, swarm, etc. (schemas deferred by default) | Enables AI clients to interact with MoFlo programmatically | Yes (deferred) |
+| **MCP Tool Server** | 80+ MCP tools for memory, hooks, coordination, spells, swarm, etc. (schemas deferred by default) | Lets Claude Code call MoFlo functionality directly | Yes (deferred) |
 
 ### Systems (available but off by default)
 
@@ -670,11 +671,11 @@ These are the backend systems that hooks and commands interact with.
 
 ## The Two-Layer Task System
 
-MoFlo doesn't replace your AI client's task system — it wraps it. Your client (Claude Code, Cursor, or any MCP-capable tool) handles spawning agents and running code. MoFlo adds a coordination layer on top that handles memory, routing, and learning.
+MoFlo doesn't replace Claude Code's task system — it wraps it. Claude Code handles spawning agents and running code. MoFlo adds a coordination layer on top that handles memory, routing, and learning.
 
 ```
 ┌──────────────────────────────────────────────────┐
-│  YOUR AI CLIENT (Execution Layer)                │
+│  CLAUDE CODE (Execution Layer)                   │
 │  Spawns agents, runs code, streams output        │
 │  TaskCreate → Agent → TaskUpdate → results       │
 ├──────────────────────────────────────────────────┤
@@ -688,14 +689,14 @@ Here's how a typical task flows through both layers:
 
 1. **MoFlo routes** — Before work starts, MoFlo analyzes the prompt and recommends an agent type and model tier via hook or MCP tool.
 2. **MoFlo gates** — Before an agent can spawn, MoFlo verifies that memory was searched and a task was registered. This prevents blind exploration.
-3. **Your client executes** — The actual agent runs through your client's native task system. MoFlo doesn't manage the agent — your client handles execution, output, and completion.
+3. **Claude Code executes** — The actual agent runs through Claude Code's native task system. MoFlo doesn't manage the agent — Claude Code handles execution, output, and completion.
 4. **MoFlo learns** — After the agent finishes, MoFlo records what worked (or didn't) in its memory database. Successful patterns feed into future routing.
 
-The key insight: **your client handles execution, MoFlo handles knowledge.** Your client is good at spawning agents and running code. MoFlo is good at remembering what happened, routing to the right agent, and ensuring prior knowledge is checked before exploring from scratch.
+The key insight: **Claude Code handles execution, MoFlo handles knowledge.** Claude Code is good at spawning agents and running code. MoFlo is good at remembering what happened, routing to the right agent, and ensuring prior knowledge is checked before exploring from scratch.
 
-For complex work, MoFlo structures tasks into waves — a research wave discovers context, then an implementation wave acts on it — with dependencies tracked through both the client's task system and MoFlo's coordination layer. The full integration pattern is documented in `.claude/guidance/moflo-claude-swarm-cohesion.md`.
+For complex work, MoFlo structures tasks into waves — a research wave discovers context, then an implementation wave acts on it — with dependencies tracked through both Claude Code's task system and MoFlo's coordination layer. The full integration pattern is documented in `.claude/guidance/moflo-claude-swarm-cohesion.md`.
 
-The `/flo` skill ties both systems together for GitHub issues — driving the full process (research → enhance → implement → test → simplify → PR) with your client's agents for execution and MoFlo's memory for continuity.
+The `/flo` skill ties both systems together for GitHub issues — driving the full process (research → enhance → implement → test → simplify → PR) with Claude Code's agents for execution and MoFlo's memory for continuity.
 
 ### Intelligent Agent Routing
 

package/bin/lib/daemon-recycler.mjs

@@ -0,0 +1,203 @@
+#!/usr/bin/env node
+/**
+ * Detached recycler for §2a of session-start-launcher.mjs.
+ *
+ * The launcher used to inline the kill-and-restart synchronously, which kept
+ * up to 500ms of liveness-polling in the foreground — fine on Linux, but on
+ * Windows under the SessionStart hook's 3000ms timeout it eroded the budget
+ * that's supposed to be spent on real work. Per the launcher's contract
+ * ("spawns background tasks via spawn(detached + unref) and exits
+ * immediately"), the daemon recycle belongs in a detached worker.
+ *
+ * Invocation (from §2a, via fireAndForget):
+ *   node bin/lib/daemon-recycler.mjs <projectRoot> <pid> <installedVersion>
+ *
+ * Steps:
+ *   1. Force-kill <pid> (Windows: taskkill /F /T, Unix: SIGKILL). Skip
+ *      graceful — by this point the launcher has already decided the daemon
+ *      is running stale code and its shutdown handlers are stale too.
+ *   2. Poll liveness up to 5s. Unlink the lockfile only once the PID is gone,
+ *      so a surviving daemon can't re-attach to the unlinked path.
+ *   3. Spawn `node node_modules/moflo/bin/cli.js daemon start --quiet`
+ *      detached + unref so this recycler can exit immediately.
+ *
+ * Output is intentionally silent — there's no parent to read it. Failures are
+ * surfaced via `.moflo/daemon-recycle.last.json` for `flo doctor` to read.
+ */
+
+import { spawn, execFileSync } from 'node:child_process';
+import { existsSync, openSync, closeSync, unlinkSync, writeFileSync, readFileSync } from 'node:fs';
+import { resolve, join } from 'node:path';
+
+const [, , projectRootArg, pidArg, installedVersion] = process.argv;
+
+if (!projectRootArg || !pidArg) {
+  // No way to surface this — the launcher fire-and-forgets us, no parent
+  // captures stderr. Bail silently.
+  process.exit(2);
+}
+
+const projectRoot = resolve(projectRootArg);
+const pid = Number.parseInt(pidArg, 10);
+const lockFile = join(projectRoot, '.moflo', 'daemon.lock');
+
+// EPERM means "exists but owned by another user" — treat as alive (matches
+// launcher's isDaemonPidAlive contract). ESRCH means "no such process" — dead.
+//
+// Linux zombie handling: on Linux, `kill(pid, 0)` succeeds for zombie processes
+// (exited but not yet reaped). A zombie can't write to the DB or hold locks, so
+// treating it as alive exhausts the 5s kill budget polling a corpse. Read
+// /proc/<pid>/stat and treat 'Z' as dead — same logic the launcher uses (#1083).
+function isAlive(p) {
+  if (!p || p <= 0) return false;
+  try {
+    process.kill(p, 0);
+  } catch (err) {
+    return err && err.code === 'EPERM';
+  }
+  if (process.platform === 'linux') {
+    try {
+      const stat = readFileSync(`/proc/${p}/stat`, 'utf-8');
+      const lastParen = stat.lastIndexOf(')');
+      if (lastParen !== -1 && stat.charAt(lastParen + 2) === 'Z') return false;
+    } catch (err) {
+      if (err && err.code === 'ENOENT') return false;
+      // /proc unavailable — fall through with the kill(0) verdict.
+    }
+  }
+  return true;
+}
+
+function sleepSyncMs(ms) {
+  const buf = new Int32Array(new SharedArrayBuffer(4));
+  Atomics.wait(buf, 0, 0, ms);
+}
+
+function writeOutcome(status, detail) {
+  try {
+    writeFileSync(
+      join(projectRoot, '.moflo', 'daemon-recycle.last.json'),
+      JSON.stringify(
+        {
+          status,
+          detail,
+          pid,
+          installedVersion: installedVersion ?? null,
+          completedAt: new Date().toISOString(),
+        },
+        null,
+        2,
+      ),
+    );
+  } catch { /* best-effort — doctor reads this file optionally */ }
+}
+
+// ── 0. Single-recycler advisory lock ────────────────────────────────────────
+// Two session starts within the same second can both fire §2a, both detect
+// behind, both spawn this recycler against the same PID. Without the lock,
+// both call `daemon start` and race for daemon-lock acquisition — only one
+// daemon wins but the other wastes a spawn cycle. Use O_EXCL on a sentinel
+// file so the second invocation exits early.
+const recycleLock = join(projectRoot, '.moflo', 'recycle.lock');
+let lockFd;
+let lockAcquired = false;
+try {
+  lockFd = openSync(recycleLock, 'wx'); // O_CREAT | O_EXCL
+  lockAcquired = true;
+} catch (err) {
+  if (err && err.code === 'EEXIST') {
+    // Another recycler is mid-flight. Bail silently — it will handle the kill.
+    writeOutcome('already-running', `another recycler holds ${recycleLock}`);
+    process.exit(0);
+  }
+  // Unexpected — proceed without the lock rather than blocking the recycle.
+}
+
+// Release the advisory lock on every exit path, including process.exit() and
+// crashes. Idempotent: if the lock wasn't acquired this becomes a no-op.
+process.on('exit', () => {
+  if (!lockAcquired) return;
+  try { closeSync(lockFd); } catch { /* already closed */ }
+  try { unlinkSync(recycleLock); } catch { /* already gone */ }
+});
+
+// ── 1. Force-kill ───────────────────────────────────────────────────────────
+// EPERM on the kill attempt means the daemon is owned by another user. Can't
+// kill it. Don't proceed to unlink + restart — that'd resurrect a fresh daemon
+// alongside the foreign-owned one, double-writing the DB.
+let killBlockedByEperm = false;
+if (Number.isFinite(pid) && pid > 0 && isAlive(pid)) {
+  try {
+    if (process.platform === 'win32') {
+      execFileSync('taskkill', ['/F', '/T', '/PID', String(pid)], { windowsHide: true, timeout: 5000 });
+    } else {
+      process.kill(pid, 'SIGKILL');
+    }
+  } catch (err) {
+    if (err && (err.code === 'EPERM' || err.code === 'EACCES')) {
+      killBlockedByEperm = true;
+    }
+    // Other errors (ESRCH = already dead) — fall through; liveness poll confirms.
+  }
+}
+
+if (killBlockedByEperm) {
+  writeOutcome('kill-permission-denied', `PID ${pid} owned by another user — leaving daemon alive, not spawning replacement`);
+  process.exit(1);
+}
+
+// ── 2. Wait for death, then unlink the lockfile ─────────────────────────────
+const deadline = Date.now() + 5000;
+let killed = !isAlive(pid);
+while (!killed && Date.now() < deadline) {
+  sleepSyncMs(100);
+  killed = !isAlive(pid);
+}
+
+if (!killed) {
+  writeOutcome('kill-failed', `PID ${pid} survived 5s force-kill window`);
+  process.exit(1);
+}
+
+// Only unlink once we know nothing's holding the lock file's old identity.
+// A surviving daemon would re-write a lockfile with its stale PID + version
+// and defeat the whole purpose of the recycle.
+try {
+  if (existsSync(lockFile)) {
+    // Defensive: if the lockfile has been re-written under us (another
+    // recycler raced), only unlink if the PID still matches what we killed.
+    try {
+      const current = JSON.parse(readFileSync(lockFile, 'utf-8'));
+      if (typeof current?.pid === 'number' && current.pid !== pid) {
+        writeOutcome('lock-changed', `another daemon (PID ${current.pid}) wrote the lock; leaving it alone`);
+        process.exit(0);
+      }
+    } catch { /* unreadable / malformed — fall through and unlink */ }
+    unlinkSync(lockFile);
+  }
+} catch { /* non-fatal */ }
+
+// ── 3. Spawn fresh daemon, detached + unref ─────────────────────────────────
+const cliPath = join(projectRoot, 'node_modules', 'moflo', 'bin', 'cli.js');
+if (existsSync(cliPath)) {
+  try {
+    const child = spawn('node', [cliPath, 'daemon', 'start', '--quiet'], {
+      cwd: projectRoot,
+      stdio: 'ignore',
+      detached: true,
+      shell: false,
+      windowsHide: true,
+    });
+    child.unref();
+    writeOutcome('ok', 'fresh daemon spawn requested');
+  } catch (err) {
+    writeOutcome('spawn-failed', err && err.message ? err.message : String(err));
+    process.exit(1);
+  }
+} else {
+  writeOutcome('cli-missing', `node_modules/moflo/bin/cli.js not present at ${cliPath}`);
+  process.exit(1);
+}
+
+// Recycler's job is done. Exit fast.
+process.exit(0);

package/bin/session-start-launcher.mjs

@@ -432,41 +432,49 @@ function stopDaemon(lockFile) {
 
   let killed = false;
   if (stalePid !== null && isDaemonPidAlive(stalePid)) {
-    // Graceful signal — platform-aware. On Windows, `process.kill(pid, 'SIGTERM')`
-    // silently force-kills (skipping the daemon's shutdown handlers that flush
-    // sql.js + release lock cleanly), so use bare `taskkill` (no /F) for a
-    // close-event signal.
-    try {
-      if (process.platform === 'win32') {
-        execFileSync('taskkill', ['/PID', String(stalePid)], { windowsHide: true, timeout: 5000 });
-      } else {
-        process.kill(stalePid, 'SIGTERM');
-      }
-    } catch { /* signal/spawn failed — fall through to liveness poll + force */ }
-
-    // Poll for death up to 3s. The daemon's shutdown handler does a final
-    // sql.js dump + lock release, which under load can take ~1s.
-    const gracefulDeadline = Date.now() + 3000;
-    while (Date.now() < gracefulDeadline) {
-      if (!isDaemonPidAlive(stalePid)) { killed = true; break; }
-      sleepSyncMs(100);
-    }
-
-    // Force-kill if still alive.
-    if (!killed) {
+    // Platform-split shutdown. On Linux/macOS, SIGTERM lets the daemon's
+    // shutdown handler run a final sql.js dump + lock release before we
+    // escalate.
+    //
+    // On Windows there is no SIGTERM equivalent for our headless detached
+    // Node daemon — `taskkill /PID` (no /F) sends a window-close message
+    // that a non-GUI process can't receive and always fails with the visible
+    // error 'process can only be terminated forcefully'. The prior
+    // implementation invoked it anyway, swallowed the error, then polled
+    // alive for 3s before escalating — exactly the time-waste that pushed
+    // §3's stopDaemon past the 3000ms SessionStart hook timeout. Go
+    // straight to /F /T (tree-kill, in case a worker child outlived its
+    // parent) on Win.
+    if (process.platform === 'win32') {
       try {
-        if (process.platform === 'win32') {
-          execFileSync('taskkill', ['/F', '/T', '/PID', String(stalePid)], { windowsHide: true, timeout: 5000 });
-        } else {
-          process.kill(stalePid, 'SIGKILL');
-        }
-      } catch { /* dead or unreachable */ }
-      // Short grace period for OS reap.
+        execFileSync('taskkill', ['/F', '/T', '/PID', String(stalePid)], { windowsHide: true, timeout: 5000 });
+      } catch { /* dead or unreachable — liveness poll below confirms */ }
+      // Short grace period for OS reap (typically ~ms).
       const forceDeadline = Date.now() + 1000;
       while (Date.now() < forceDeadline) {
         if (!isDaemonPidAlive(stalePid)) { killed = true; break; }
         sleepSyncMs(100);
       }
+    } else {
+      try { process.kill(stalePid, 'SIGTERM'); } catch { /* signal failed — escalate below */ }
+
+      // Poll for death up to 3s. The daemon's shutdown handler does a final
+      // sql.js dump + lock release, which under load can take ~1s.
+      const gracefulDeadline = Date.now() + 3000;
+      while (Date.now() < gracefulDeadline) {
+        if (!isDaemonPidAlive(stalePid)) { killed = true; break; }
+        sleepSyncMs(100);
+      }
+
+      // Force-kill if still alive.
+      if (!killed) {
+        try { process.kill(stalePid, 'SIGKILL'); } catch { /* dead or unreachable */ }
+        const forceDeadline = Date.now() + 1000;
+        while (Date.now() < forceDeadline) {
+          if (!isDaemonPidAlive(stalePid)) { killed = true; break; }
+          sleepSyncMs(100);
+        }
+      }
     }
 
     if (!killed) {
@@ -499,6 +507,42 @@ function recycleDaemon(lockFile, label) {
   return true;
 }
 
+// Numeric semver compare. Returns -1 / 0 / +1 for a vs b. Treats missing
+// segments as 0 so '4.10' < '4.10.4'. Strips pre-release tags ('1.2.3-beta'
+// compares as '1.2.3') — close enough for "is the daemon's version behind
+// the installed package's version", which is all §2a needs.
+function compareVersionsSemver(a, b) {
+  const norm = (v) => String(v || '').split('-')[0].split('.').map((s) => {
+    const n = parseInt(s, 10);
+    return Number.isFinite(n) ? n : 0;
+  });
+  const aa = norm(a);
+  const bb = norm(b);
+  const len = Math.max(aa.length, bb.length);
+  for (let i = 0; i < len; i++) {
+    const av = aa[i] ?? 0;
+    const bv = bb[i] ?? 0;
+    if (av < bv) return -1;
+    if (av > bv) return 1;
+  }
+  return 0;
+}
+
+// Resolve `bin/lib/daemon-recycler.mjs` across the three places it can live:
+//   1. node_modules/moflo/bin/lib/  (consumer install, always present)
+//   2. .claude/scripts/lib/         (synced copy in consumer/dogfood projects)
+//   3. bin/lib/                     (dogfood source tree)
+// Returns null when not found — §2a falls back to inline force-kill in that
+// case, which is the pre-recycler behavior.
+function resolveDaemonRecyclerPath() {
+  const candidates = [
+    resolve(projectRoot, 'node_modules/moflo/bin/lib/daemon-recycler.mjs'),
+    resolve(projectRoot, '.claude/scripts/lib/daemon-recycler.mjs'),
+    resolve(projectRoot, 'bin/lib/daemon-recycler.mjs'),
+  ];
+  return candidates.find((p) => existsSync(p)) || null;
+}
+
 // ── 2. Reset workflow state for new session ──────────────────────────────────
 const stateDir = resolve(projectRoot, '.claude');
 const stateFile = resolve(stateDir, 'workflow-state.json');
@@ -514,6 +558,84 @@ try {
   // Non-fatal - workflow gate will use defaults
 }
 
+// ── 2a. Recycle daemon when behind installed version (#1054 follow-up) ──────
+// Promoted from §3a-pre to run BEFORE §3's file-sync work. The launcher has
+// a 3000ms SessionStart hook timeout (src/cli/services/hook-block-hash.ts);
+// §0c (DB repair) + §3 (file-sync, manifest, cherry-pick) + stopDaemon's
+// up-to-4s graceful poll routinely exceeds it on upgrade sessions, killing
+// the launcher mid-§3. Result: §3a-pre never ran on the very sessions that
+// needed it, leaving a stale-version daemon alive after `npm install moflo`
+// + Claude restart — `📊 ?` in the statusline (this bug's tell).
+//
+// Semver-BEHIND only — a downgrade-test daemon ahead of installed is left
+// alone. Pre-#1054 daemons (no `version` field in the lock) are treated as
+// behind because by construction they predate version publishing.
+//
+// Force-kill skips the graceful poll: a stale-code daemon's flush handlers
+// are themselves stale, and losing one in-flight flush beats running past
+// the hook timeout. fireAndForget the fresh `daemon start` so spawn returns
+// immediately and the launcher can move on to §3.
+try {
+  const mofloPkgPath = resolve(projectRoot, 'node_modules/moflo/package.json');
+  const lockFile = resolve(projectRoot, '.moflo', 'daemon.lock');
+  // Single readFileSync each (try/catch instead of existsSync + readFileSync)
+  // — halves the syscalls in the hot path and closes the TOCTOU window where
+  // the file existed for existsSync but was unlinked before readFileSync.
+  let installedVersion;
+  let daemonVersion;
+  let daemonPid;
+  try {
+    installedVersion = JSON.parse(readFileSync(mofloPkgPath, 'utf-8')).version;
+  } catch { /* node_modules/moflo absent — fresh consumer or fatal, nothing §2a can do */ }
+  let lockReadOk = false;
+  try {
+    const lock = JSON.parse(readFileSync(lockFile, 'utf-8'));
+    lockReadOk = true;
+    if (typeof lock?.version === 'string') daemonVersion = lock.version;
+    if (typeof lock?.pid === 'number' && lock.pid > 0) daemonPid = lock.pid;
+  } catch { /* no lock or corrupt — no daemon to recycle, skip the block below */ }
+
+  if (installedVersion && lockReadOk) {
+    const isBehind = !daemonVersion || compareVersionsSemver(daemonVersion, installedVersion) < 0;
+    if (isBehind) {
+      const observed = daemonVersion ?? '<pre-1054 / unknown>';
+      const recyclerPath = resolveDaemonRecyclerPath();
+      if (recyclerPath && daemonPid && daemonPid > 0) {
+        // Fire-and-forget the detached recycler. Per the launcher's contract
+        // ("spawns background tasks ... and exits immediately"), the
+        // kill+wait+restart sequence runs in a separate process so §2a's
+        // foreground cost is ~ms instead of up-to-5s. The recycler writes
+        // .moflo/daemon-recycle.last.json on completion for doctor to read.
+        fireAndForget(
+          'node',
+          [recyclerPath, projectRoot, String(daemonPid), installedVersion],
+          'daemon-behind-recycle',
+        );
+        emitMutation(
+          'recycled stale daemon',
+          `behind: daemon v${observed} → installed v${installedVersion}`,
+        );
+      } else if (!recyclerPath) {
+        // Recycler script missing — happens during the transition release
+        // where the launcher upgraded but bin/lib/daemon-recycler.mjs hasn't
+        // synced yet. Surface so /healer can flag; §3 below will sync the
+        // recycler on this session and §2a covers it on the next.
+        emitWarning(
+          `daemon-behind recycle: bin/lib/daemon-recycler.mjs not resolvable — ` +
+          `daemon v${observed} stays alive this session, will recycle on the next`,
+        );
+      } else {
+        // No PID — lockfile is corrupt or malformed. Unlink it so a fresh
+        // daemon can start cleanly on the next worker request.
+        try { unlinkSync(lockFile); } catch { /* non-fatal */ }
+        emitMutation('cleared malformed daemon lock', `version field: ${observed}`);
+      }
+    }
+  }
+} catch (err) {
+  emitWarning(`daemon-behind check failed: ${errMessage(err)}`);
+}
+
 // ── 3. Auto-sync scripts and helpers on version change ───────────────────────
 // Controlled by `auto_update.enabled` in moflo.yaml (default: true).
 // When moflo is upgraded (npm install), scripts and helpers may be stale.
@@ -1009,53 +1131,12 @@ try {
   emitWarning(`upgrade section failed (${errMessage(err)})`);
 }
 
-// ── 3a-pre. Recycle daemons started before the current moflo install ────────
-// The version-bump block above only fires when `installedVersion !== cachedVersion`.
-// That misses the common case where a user upgraded moflo, ran ONE session
-// (which bumped the stamp + recycled the daemon), then on a subsequent session
-// the version stamp matches but the daemon they started long-ago is still
-// holding stale module cache from a pre-collapse moflo image. The
-// `[neural-tools] @moflo/embeddings not resolvable` spam (#639) is the
-// observable symptom of exactly this: a daemon running pre-#592 code that no
-// longer exists in source, calling a require helper that prints the warning
-// every time `neural_predict` / `neural_patterns` fires.
-//
-// Fix (epic #1054): compare the daemon-lock's reported moflo `version` against
-// the installed `node_modules/moflo/package.json` version. If they differ —
-// or the lock predates #1054 and has no `version` field at all — recycle the
-// daemon. This is exact (not a heuristic margin like the prior mtime-based
-// check) and named explicitly so the doctor's Daemon Version Skew check
-// (#1059) can share the diagnosis.
-//
-// Pre-#1054 daemons have no `version` in their lock payload — treated as a
-// mismatch by definition because by construction they were launched before
-// version publishing existed.
-try {
-  const mofloPkgPathForRecycle = resolve(projectRoot, 'node_modules/moflo/package.json');
-  const lockFile = resolve(projectRoot, '.moflo', 'daemon.lock');
-  // Cheap stat first — if either file is gone, no skew check is possible.
-  if (existsSync(mofloPkgPathForRecycle) && existsSync(lockFile)) {
-    const installedVersion = JSON.parse(readFileSync(mofloPkgPathForRecycle, 'utf-8')).version;
-    let daemonVersion;
-    try {
-      const lock = JSON.parse(readFileSync(lockFile, 'utf-8'));
-      if (typeof lock?.version === 'string') daemonVersion = lock.version;
-    } catch { /* corrupt lock — recycleDaemon will unlink it */ }
-    if (daemonVersion !== installedVersion) {
-      if (recycleDaemon(lockFile, 'daemon-version-skew')) {
-        const observed = daemonVersion ?? '<pre-1054 / unknown>';
-        emitMutation(
-          'recycled stale daemon',
-          `version skew: installed ${installedVersion}, daemon ${observed}`,
-        );
-      }
-    }
-  }
-} catch (err) {
-  // Non-fatal; surface via emitWarning per feedback_no_layered_workarounds —
-  // no silent catch on the upgrade path (#854).
-  emitWarning(`daemon version-skew check failed: ${errMessage(err)}`);
-}
+// ── 3a-pre. (removed) Daemon-version-skew recycle moved to §2a. ─────────────
+// The previous version of this block ran AFTER §3's heavy file-sync work,
+// which routinely exceeded the 3000ms SessionStart hook timeout and was
+// killed before reaching this point. §2a now runs early and force-kills the
+// stale daemon before §3 can starve out. Don't restore §3a-pre — keep the
+// recycle in one place so the two paths can't drift.
 
 // ── 3a. Auto-migrate settings.json (npx flo → node helpers, PATH setup) ────
 // Existing users may have stale settings.json with `npx flo` hooks that break

package/dist/src/cli/commands/daemon.js

@@ -470,33 +470,37 @@ export async function killBackgroundDaemon(projectRoot) {
         return false;
     }
     try {
-        // Graceful kill — platform-aware
+        // Platform-split shutdown. On Linux/macOS we try SIGTERM first so the
+        // daemon's shutdown handlers (sql.js flush, lock release) can run; force-
+        // kill only if it doesn't exit within ~1s.
+        //
+        // On Windows there is no SIGTERM equivalent for our headless detached
+        // Node daemon — `taskkill /PID` (no /F) sends a window-close message
+        // that a non-GUI process can't receive, so it always fails with the
+        // visible error 'process can only be terminated forcefully'. The prior
+        // implementation invoked it anyway, ate the error in a bare catch, then
+        // slept 1s before escalating to /F. Skip the dead step: go straight to
+        // /F /T (tree-kill, in case a worker child outlived its parent) on Win.
         if (process.platform === 'win32') {
-            // SIGTERM silently force-kills on Windows; use taskkill for clean shutdown
             try {
-                execFileSync('taskkill', ['/PID', String(holderPid)], { windowsHide: true });
+                execFileSync('taskkill', ['/F', '/T', '/PID', String(holderPid)], { windowsHide: true });
             }
             catch {
-                // taskkill may fail if process already exiting
+                // Already exiting / unreachable — process.kill(pid, 0) below verifies.
             }
         }
         else {
             process.kill(holderPid, 'SIGTERM');
-        }
-        // Wait a moment then force kill if needed
-        await new Promise(resolve => setTimeout(resolve, 1000));
-        try {
-            process.kill(holderPid, 0);
-            // Still alive, force kill
-            if (process.platform === 'win32') {
-                execFileSync('taskkill', ['/F', '/PID', String(holderPid)], { windowsHide: true });
-            }
-            else {
+            // Wait briefly so SIGTERM has a chance to land before checking liveness.
+            await new Promise(resolve => setTimeout(resolve, 1000));
+            try {
+                process.kill(holderPid, 0);
+                // Still alive — force kill.
                 process.kill(holderPid, 'SIGKILL');
             }
-        }
-        catch {
-            // Process terminated
+            catch {
+                // Process terminated
+            }
         }
         // Release lock
         releaseDaemonLock(projectRoot, holderPid, true);

package/dist/src/cli/commands/doctor-checks-config.js

@@ -9,6 +9,7 @@ import os from 'os';
 import { getDaemonLockHolder } from '../services/daemon-lock.js';
 import { legacyMemoryDbPath, memoryDbCandidatePaths, memoryDbPath, } from '../services/moflo-paths.js';
 import { probeDbIntegrity } from '../services/memory-db-integrity-repair.js';
+import { findProjectRoot } from '../services/project-root.js';
 import { errorDetail } from '../shared/utils/error-detail.js';
 export async function checkConfigFile() {
     // JSON configs (parse-validated). LEGACY-CONFIG: `.claude-flow.json` and
@@ -195,9 +196,9 @@ export async function checkMemoryDbIntegrity(cwd = process.cwd()) {
  * Standard MCP-config search paths: home (Claude Desktop on macOS/Linux),
  * XDG config dir, project-local `.mcp.json`, and APPDATA on Windows.
  *
- * Shared by `checkMcpServers` (which inspects the FIRST config it finds and
- * reports on flo presence) and `checkDaemonWriteRouting` (which COUNTS
- * servers across all paths to detect the multi-process-clobber hazard).
+ * Shared by `checkMcpServers` (which inspects configs and reports on moflo
+ * presence) and `checkDaemonWriteRouting` (which COUNTS servers across all
+ * paths to detect the multi-process-clobber hazard).
  */
 function mcpConfigSearchPaths(cwd) {
     return [
@@ -226,25 +227,102 @@ function countMcpServers(cwd) {
     }
     return total;
 }
-export async function checkMcpServers() {
-    for (const configPath of mcpConfigSearchPaths(process.cwd())) {
-        if (existsSync(configPath)) {
-            try {
-                const content = JSON.parse(readFileSync(configPath, 'utf8'));
-                const servers = content.mcpServers || content.servers || {};
-                const count = Object.keys(servers).length;
-                const hasClaudeFlow = 'moflo' in servers || 'claude-flow' in servers || 'claude-flow_alpha' in servers;
-                if (hasClaudeFlow) {
-                    return { name: 'MCP Servers', status: 'pass', message: `${count} servers (flo configured)` };
-                }
-                return { name: 'MCP Servers', status: 'warn', message: `${count} servers (flo not found)`, fix: 'claude mcp add moflo -- npx -y moflo mcp start' };
-            }
-            catch {
-                // continue to next path
-            }
+/**
+ * Inspect the project's `.mcp.json` (the file `flo init` writes and Claude
+ * Code reads at the project level) and report whether moflo is present,
+ * absent, or the file is malformed.
+ *
+ * Scope: deliberately project-only. We previously also scanned
+ * `~/.claude/claude_desktop_config.json` and `%APPDATA%/Claude/...` — Claude
+ * **Desktop** paths — which is a separate Anthropic product that doesn't
+ * host moflo's MCP server. The old wide scan caused #1126: a Claude
+ * Desktop preferences-only APPDATA file outranked a malformed project
+ * `.mcp.json`, surfacing "0 servers (flo not found)" while the actually
+ * broken project file went unrepaired. Claude Code stores user-level MCP
+ * registrations under `~/.claude.json` `projects[<path>].mcpServers`, but
+ * that's Claude Code internal state we don't author or rewrite; the
+ * project file is the canonical surface moflo owns end-to-end.
+ *
+ * Multi-writer / cross-ecosystem MCP-process counting still uses the wider
+ * `mcpConfigSearchPaths` via `countMcpServers` in
+ * `checkDaemonWriteRouting` — that check has a legitimate reason to see
+ * Claude Desktop processes.
+ *
+ * Exported so the auto-fixer (doctor-fixes.ts) can detect a malformed
+ * `.mcp.json` and regenerate it. Project root resolves via
+ * `findProjectRoot()` so a consumer running `flo healer` from a
+ * subdirectory still discovers the project file.
+ */
+export function inspectMcpConfigs(cwd = process.cwd()) {
+    // Callers wanting project-root resolution pass it in (see `checkMcpServers`
+    // below). Defaulting to `process.cwd()` matches the established pattern in
+    // sibling checks (`checkMemoryDbIntegrity`, `countMcpServers`) and avoids a
+    // redundant FS walk on every doctor pass.
+    const configPath = join(cwd, '.mcp.json');
+    // Single read with the existence/parse branches handled by the catch —
+    // dropping the pre-`existsSync` guard closes a TOCTOU window where the
+    // file is deleted between the check and the read.
+    let content;
+    try {
+        content = JSON.parse(readFileSync(configPath, 'utf8'));
+    }
+    catch (e) {
+        if (e.code === 'ENOENT') {
+            return { status: 'not_found' };
         }
+        return { status: 'malformed', path: configPath, parseError: errorDetail(e) };
+    }
+    const serversValue = content.mcpServers ?? content.servers;
+    const servers = (serversValue && typeof serversValue === 'object')
+        ? serversValue
+        : {};
+    const count = Object.keys(servers).length;
+    const hasMoflo = 'moflo' in servers || 'claude-flow' in servers || 'claude-flow_alpha' in servers;
+    if (hasMoflo) {
+        return { status: 'valid_with_moflo', path: configPath, count };
+    }
+    return { status: 'valid_no_moflo', path: configPath, count };
+}
+export async function checkMcpServers(cwd = findProjectRoot()) {
+    const result = inspectMcpConfigs(cwd);
+    switch (result.status) {
+        case 'valid_with_moflo':
+            return { name: 'MCP Servers', status: 'pass', message: `${result.count} servers (moflo configured)` };
+        case 'valid_no_moflo':
+            return {
+                name: 'MCP Servers',
+                status: 'warn',
+                message: `${result.count} servers (moflo not registered)`,
+                fix: 'claude mcp add moflo -- npx -y moflo mcp start',
+            };
+        case 'malformed':
+            // #1126: distinguish "config malformed" from "moflo missing". Previously
+            // the loop silently caught the JSON.parse error and fell through,
+            // reporting "0 servers (flo not found)" — which led users to run
+            // `claude mcp add` against a still-broken file that would never parse.
+            // Now we surface the parse error and direct them at the auto-fixer
+            // that regenerates the file from `generateMCPJson`.
+            return {
+                name: 'MCP Servers',
+                status: 'warn',
+                message: `malformed JSON at ${result.path}: ${result.parseError}`,
+                fix: 'flo healer --fix -c mcp-servers',
+            };
+        case 'not_found':
+            return {
+                name: 'MCP Servers',
+                status: 'warn',
+                message: 'No MCP config found',
+                fix: 'claude mcp add moflo -- npx -y moflo mcp start',
+            };
     }
-    return { name: 'MCP Servers', status: 'warn', message: 'No MCP config found', fix: 'claude mcp add moflo -- npx -y moflo mcp start' };
+    // Compile-time exhaustiveness guard: if a future status variant is added to
+    // `inspectMcpConfigs`'s return type without a matching case above, this
+    // assignment fails to compile (`string` is not assignable to `never`),
+    // forcing a corresponding update here. Better than a silent `default:`
+    // branch swallowing the new case as if it were `not_found`.
+    const _exhaustive = result.status;
+    return _exhaustive;
 }
 // Catches three failure modes (#895):
 //   1. File missing — session-start should have created it; warn user that

package/dist/src/cli/commands/doctor-fixes.js

@@ -9,9 +9,12 @@ import { existsSync, mkdirSync, readFileSync, unlinkSync, writeFileSync } from '
 import { join } from 'path';
 import { output } from '../output.js';
 import { errorDetail } from '../shared/utils/error-detail.js';
+import { atomicWriteFileSync } from '../shared/utils/atomic-file-write.js';
 import { repairHookWiring } from '../services/hook-wiring.js';
 import { getDaemonLockHolder } from '../services/daemon-lock.js';
+import { findProjectRoot } from '../services/project-root.js';
 import { findZombieProcesses } from './doctor-zombies.js';
+import { inspectMcpConfigs } from './doctor-checks-config.js';
 import { installClaudeCode, runCommand } from './doctor-checks-runtime.js';
 /** Run a shell command as a fix action. Returns true on exit code 0. */
 async function runFixCommand(cmd) {
@@ -200,6 +203,46 @@ export async function autoFixCheck(check) {
             return runFixCommand('npx moflo embeddings init --force');
         },
         'MCP Servers': async () => {
+            // #1126: distinguish "malformed JSON" from "moflo missing from valid
+            // config". The previous fix always ran `claude mcp add` — a no-op when
+            // the project-local `.mcp.json` was unparseable, because the command
+            // doesn't touch malformed project files.
+            const projectRoot = findProjectRoot();
+            const inspection = inspectMcpConfigs(projectRoot);
+            if (inspection.status === 'malformed' && inspection.path) {
+                try {
+                    // Filesystem-safe timestamp: Date.now() is a digit-only integer so
+                    // no `:` escape needed (per dogfooding.md § 6 cross-platform primitives).
+                    const backupPath = `${inspection.path}.malformed-${Date.now()}`;
+                    // The backup is a brand-new file at a unique timestamped path with
+                    // no concurrent readers — a plain writeFileSync is enough; the
+                    // atomic ceremony is only worth its cost when replacing a file a
+                    // running process might re-open mid-write.
+                    writeFileSync(backupPath, readFileSync(inspection.path, 'utf8'), 'utf-8');
+                    const { generateMCPJson } = await import('../init/mcp-generator.js');
+                    const { DEFAULT_INIT_OPTIONS } = await import('../init/types.js');
+                    const regenerated = generateMCPJson({ ...DEFAULT_INIT_OPTIONS, targetDir: projectRoot });
+                    // Confirm the regenerated content parses before clobbering the
+                    // (broken) original — refuse to repair if our own generator emits
+                    // unparseable JSON for any reason (defense in depth against a future
+                    // generator regression silently emitting bad escapes again).
+                    JSON.parse(regenerated);
+                    // Atomic swap so a concurrent reader (e.g. Claude Code re-scanning
+                    // .mcp.json during the fix) never sees a truncated file. The
+                    // Windows-AV-lock verify window inside atomicWriteFileSync (#1015)
+                    // gates the rename until the new bytes are readable.
+                    atomicWriteFileSync(inspection.path, regenerated);
+                    output.writeln(output.dim(`  Regenerated ${inspection.path}; backup at ${backupPath}.`));
+                    return true;
+                }
+                catch (e) {
+                    output.writeln(output.warning(`  Regeneration failed: ${errorDetail(e)}`));
+                    return false;
+                }
+            }
+            // Valid config exists but moflo isn't registered — fall back to the
+            // claude-cli flow. This is the original behavior for the
+            // valid_no_moflo / not_found states.
             return runFixCommand('claude mcp add moflo -- npx -y moflo mcp start');
         },
         'Claude Code CLI': async () => {

package/dist/src/cli/init/settings-generator.js

@@ -358,7 +358,7 @@ function generateHooksConfig(config) {
                     {
                         type: 'command',
                         command: 'node "$CLAUDE_PROJECT_DIR/.claude/scripts/session-start-launcher.mjs"',
-                        timeout: 3000,
+                        timeout: 5000,
                     },
                     {
                         type: 'command',

package/dist/src/cli/services/hook-block-hash.js

@@ -94,7 +94,7 @@ export function getReferenceHookBlock() {
         ],
         SessionStart: [
             {
-                hooks: [scriptHook('session-start-launcher.mjs', 3000), autoMemory('import', 8000)],
+                hooks: [scriptHook('session-start-launcher.mjs', 5000), autoMemory('import', 8000)],
             },
         ],
         Stop: [

package/dist/src/cli/version.js

@@ -2,5 +2,5 @@
  * Auto-generated by build. Do not edit manually.
  * Source of truth: root package.json → scripts/sync-version.mjs
  */
-export const VERSION = '4.10.3';
+export const VERSION = '4.10.5';
 //# sourceMappingURL=version.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "moflo",
-  "version": "4.10.3",
+  "version": "4.10.5",
   "description": "MoFlo — AI agent orchestration for Claude Code. A standalone, opinionated toolkit with semantic memory, learned routing, gates, spells, and the /flo issue-execution skill.",
   "main": "dist/src/cli/index.js",
   "type": "module",
@@ -95,7 +95,7 @@
     "@typescript-eslint/eslint-plugin": "^7.18.0",
     "@typescript-eslint/parser": "^7.18.0",
     "eslint": "^8.0.0",
-    "moflo": "^4.10.2",
+    "moflo": "^4.10.4",
     "tsx": "^4.21.0",
     "typescript": "^5.9.3",
     "vitest": "^4.0.0"