moflo 4.10.5 → 4.10.7

package/.claude/helpers/subagent-start.cjs

@@ -22,7 +22,7 @@ const path = require('path');
 // Defense-in-depth copy of the canonical directive in subagent-bootstrap.json.
 // Kept as a single-line literal so the parity test in tests/bin/subagent-start.test.ts
 // can verify it matches the JSON via plain substring containment.
-const FALLBACK_DIRECTIVE = 'MANDATORY FIRST ACTION: Your very first tool call MUST be mcp__moflo__memory_search (any query, any namespace). The memory-first gate WILL BLOCK all Glob, Grep, and Read calls until you do this. After memory search, follow `.claude/guidance/moflo-subagents.md` protocol. When a search hit carries `navigation`, you MUST call mcp__moflo__memory_get_neighbors to traverse — calling mcp__moflo__memory_retrieve on every hit is a protocol violation. See `.claude/guidance/moflo-memory-protocol.md`.';
+const FALLBACK_DIRECTIVE = 'MANDATORY FIRST ACTION: Your very first tool call MUST be mcp__moflo__memory_search (any query, any namespace). The memory-first gate WILL BLOCK all Glob, Grep, Read, and read-like Bash (cat/head/tail/grep/find/sed/awk and the Windows/PowerShell equivalents) calls until you do this. Pick the namespace by task: `guidance` for rules and conventions, `code-map` for file structure, `patterns` for proven solutions, `learnings` for past corrections, `tests` for test inventory. After memory search, follow `.claude/guidance/moflo-subagents.md` protocol. When a search hit carries `navigation`, you MUST call mcp__moflo__memory_get_neighbors to traverse — calling mcp__moflo__memory_retrieve on every hit is a protocol violation. See `.claude/guidance/moflo-memory-protocol.md`.';
 
 function loadDirective() {
   const jsonPath = path.join(__dirname, 'subagent-bootstrap.json');

package/bin/gate.cjs

@@ -82,6 +82,53 @@ var command = process.argv[2];
 
 var EXEMPT = ['.claude/', '.claude\\', 'CLAUDE.md', 'MEMORY.md', 'workflow-state', 'node_modules', 'moflo.yaml'];
 var DANGEROUS = ['rm -rf /', 'format c:', 'del /s /q c:\\', ':(){:|:&};:', 'mkfs.', '> /dev/sda'];
+
+// #1132 — Bash memory-first gate.
+//
+// CREDIT: the legacy detector that marks the gate satisfied when Claude
+// manually invokes a memory-search CLI (flo-search, the moflo MCP search via
+// shell, etc.). Preserved verbatim from the pre-#1132 behaviour so existing
+// recipes keep crediting the gate.
+var CREDIT_MEMORY_SEARCH_RE = /semantic-search|memory search|memory retrieve|memory-search/;
+// BLOCK: read-like Bash commands that bypass the existing check-before-read /
+// check-before-scan gates by going through the shell. Anchored to the start of
+// the line so subcommands inside pipelines or `npm install grep` don't trip.
+// Covers POSIX read/search tools, Windows cmd `type`, and PowerShell readers.
+var READ_LIKE_BASH_RE = new RegExp([
+  '^\\s*(?:cat|head|tail|less|more|bat|xxd|od|hexdump)\\b',
+  '^\\s*(?:grep|rg|ag|fgrep|egrep|find|fd)\\b',
+  '^\\s*sed\\s+-n\\b',
+  '^\\s*awk\\s+(?!.*<<)',
+  // `type <path>` on Windows. No `$` anchor so a piped form
+  // (`type src\foo.ts | grep x`) still matches and gets blocked. The argument
+  // must contain a slash, backslash, or dot — otherwise it's the shell-builtin
+  // command-lookup form (`type ls`, `type cd`) which the gate has no business
+  // blocking. False-negative trade: extension-less filenames like `type Makefile`
+  // pass through. Acceptable — source files all have extensions, and the
+  // primary risk pattern is leaking past the gate via `type src\foo.ts`.
+  '^\\s*type\\s+\\S*[\\\\/.]',
+  '^\\s*(?:Get-Content|gc|Select-String|sls)\\b',
+].join('|'), 'i');
+// CARVE-OUT: commands that LOOK read-like but are operational. Anchored to the
+// LEADING command — the pipe-filter case (`npm test | grep FAIL`) is already
+// handled by READ_LIKE's `^\s*` anchor never matching the leading `npm`, so
+// there is intentionally no pipe arm here: catching the leading command lets
+// `grep -r TODO src/ | head -5` reach the BLOCK exit (which it must, that's
+// the gap the ticket exists to close). #1132.
+var BASH_CARVE_OUT_RE = new RegExp([
+  '^\\s*(npm|npx|pnpm|yarn|bun|node|deno|tsx|ts-node)\\s',
+  '^\\s*(git|gh|hub)\\s',
+  '^\\s*(docker|kubectl|helm|terraform)\\s',
+  '^\\s*(curl|wget|http|fetch)\\s',
+  '^\\s*(jq|yq|xq)\\s',
+  '^\\s*(echo|printf|true|false|sleep|test|\\[)\\s',
+  '^\\s*cat\\s+(<<|<<<)',
+  '^\\s*cat\\s+[^|]*\\s*>',
+  '^\\s*tee\\b',
+  // Lazy `.+?` instead of `.+\s` to avoid catastrophic backtracking on long
+  // `find` commands that lack a `-delete` / `-exec rm` suffix.
+  '^\\s*find\\s+.+?-(delete|exec\\s+rm)\\b',
+].join('|'));
 var DIRECTIVE_RE = /^(yes|no|yeah|yep|nope|sure|ok|okay|correct|right|exactly|perfect)\b/i;
 var TASK_RE = /\b(fix|bug|error|implement|add|create|build|write|refactor|debug|test|feature|issue|security|optimi)\b/i;
 
@@ -146,6 +193,29 @@ function classifyNamespaceHint(promptText) {
   return '';
 }
 
+// #1132 — command-shape namespace classifier for the bash-BLOCK message.
+// Used when the prompt-derived `lastNamespaceHint` is empty (e.g. subagents,
+// which never see the user prompt) so the block message still routes to a
+// useful namespace rather than the generic "pick one of five" list. Returns a
+// full sentence in the same shape as classifyNamespaceHint so the BLOCK arm
+// can write either source's hint without branching on format.
+//
+// SYNC: duplicated verbatim in src/cli/init/helpers-generator.ts.
+function classifyBashNamespaceHint(cmd) {
+  // Search-like tools — the user is hunting for a symbol/file, code-map wins.
+  if (/^\s*(?:grep|rg|ag|fgrep|egrep|find|fd|Select-String|sls)\b/i.test(cmd)) {
+    return 'Memory namespace hint: use "code-map" for codebase navigation.';
+  }
+  // Reading a .md / RST / TXT, or a well-known doc file — guidance/learnings win.
+  // `.*` (not `\S*`) so flag-prefixed forms like `head -50 README.md` match.
+  // Anchored on the leading reader so a piped `cmd | grep foo.md` doesn't trip.
+  if (/^\s*(?:cat|head|tail|less|more|bat|type|Get-Content|gc)\b.*\.(?:md|mdx|rst|txt)\b/i.test(cmd)
+   || /^\s*(?:cat|head|tail|less|more|bat|type|Get-Content|gc)\b.*\b(?:README|CLAUDE|CHANGELOG|CONTRIBUTING|LICENSE)\b/i.test(cmd)) {
+    return 'Memory namespace hint: search "guidance" and "learnings" for project rules and decisions.';
+  }
+  return '';
+}
+
 // Apply per-prompt state reset shared by `prompt-reminder` (full) and
 // `prompt-state-reset` (defensive safety-net, no emission). Idempotent — both
 // UserPromptSubmit hooks can run it without compounding any field. Caller
@@ -402,11 +472,41 @@ switch (command) {
     break;
   }
   case 'check-bash-memory': {
+    // #1132 — preserve CREDIT side-effect AND add a BLOCK arm for read-like
+    // Bash commands. Wired as PreToolUse[Bash] (was PostToolUse before #1132)
+    // so process.exit(2) actually prevents the read from reaching the shell.
     var cmd = process.env.TOOL_INPUT_command || '';
-    if (/semantic-search|memory search|memory retrieve|memory-search/.test(cmd)) {
+
+    // 1) CREDIT — preserved behavior. A real memory-search invocation flips
+    // the gate flag so subsequent Read/Grep/Glob within this prompt pass.
+    if (CREDIT_MEMORY_SEARCH_RE.test(cmd)) {
       var s = readState();
       if (markMemorySearched(s)) writeState(s);
+      break;
     }
+
+    // 2) BLOCK — new behavior. Cheap regex checks come BEFORE readState() so
+    // the overwhelming majority of Bash invocations (git/npm/curl/echo/etc.)
+    // never touch the filesystem. Order: config flag → command-shape regexes
+    // → state read → memory gate.
+    if (!config.memory_first) break;
+    if (!READ_LIKE_BASH_RE.test(cmd)) break;
+    if (BASH_CARVE_OUT_RE.test(cmd)) break;
+    var s2 = readState();
+    if (!s2.memoryRequired || isMemorySearchedFor(s2)) break;
+    // Hint precedence: prompt-derived classification (set by applyPromptStateReset
+    // from the user prompt text) → command-shape classification (works for
+    // subagents that never saw the user prompt). Either source returns a full
+    // "Memory namespace hint: ..." sentence so the BLOCK message stays uniform.
+    var hint = s2.lastNamespaceHint || classifyBashNamespaceHint(cmd) || '';
+    process.stderr.write(
+      'BLOCKED: Search memory before reading files via Bash.\n' +
+      'Example: mcp__moflo__memory_search { query: "<topic>", namespace: "<one of: guidance | code-map | patterns | learnings | tests>" }\n' +
+      (hint ? hint + '\n' : '') +
+      'On chunk hits, traverse via mcp__moflo__memory_get_neighbors — see .claude/guidance/moflo-memory-protocol.md\n' +
+      'Disable per-gate via moflo.yaml: gates: memory_first: false\n'
+    );
+    process.exit(2);
     break;
   }
   case 'check-task-transition': {

package/bin/session-start-launcher.mjs

@@ -640,7 +640,16 @@ try {
 // Controlled by `auto_update.enabled` in moflo.yaml (default: true).
 // When moflo is upgraded (npm install), scripts and helpers may be stale.
 // Detect version change and sync from source before running hooks.
-let autoUpdateConfig = { enabled: true, scripts: true, helpers: true, hookBlockDrift: 'warn' };
+let autoUpdateConfig = {
+  enabled: true,
+  scripts: true,
+  helpers: true,
+  hookBlockDrift: 'warn',
+  // #1142 — CLAUDE.md injection drift refresh mode (warn | regenerate | off,
+  // default regenerate). Defaults to regenerate because the consumer cannot
+  // refresh CLAUDE.md on their own — there is no other auto-refresh path.
+  claudemdInjectionDrift: 'regenerate',
+};
 try {
   const mofloYaml = resolve(projectRoot, 'moflo.yaml');
   if (existsSync(mofloYaml)) {
@@ -651,10 +660,13 @@ try {
     const helpersMatch = yamlContent.match(/auto_update:\s*\n(?:\s+\w+:.*\n)*?\s+helpers:\s*(true|false)/);
     // #881: hook-block drift detector (warn | regenerate | off; default warn)
     const driftMatch = yamlContent.match(/auto_update:\s*\n(?:\s+\w+:.*\n)*?\s+hook_block_drift:\s*(warn|regenerate|off)/);
+    // #1142: CLAUDE.md injection drift detector (warn | regenerate | off; default regenerate)
+    const claudemdMatch = yamlContent.match(/auto_update:\s*\n(?:\s+\w+:.*\n)*?\s+claudemd_injection_drift:\s*(warn|regenerate|off)/);
     if (enabledMatch) autoUpdateConfig.enabled = enabledMatch[1] === 'true';
     if (scriptsMatch) autoUpdateConfig.scripts = scriptsMatch[1] === 'true';
     if (helpersMatch) autoUpdateConfig.helpers = helpersMatch[1] === 'true';
     if (driftMatch) autoUpdateConfig.hookBlockDrift = driftMatch[1];
+    if (claudemdMatch) autoUpdateConfig.claudemdInjectionDrift = claudemdMatch[1];
   }
 } catch (err) {
   // Defaults (all true) keep the upgrade flow alive but the user should
@@ -1053,12 +1065,14 @@ try {
       // prune when the consumer's file matches a known-shipped hash —
       // customized files (different hash) get preserved with a one-line
       // notice the user can act on.
+      let prunedRetiredPaths = new Set();
       try {
         const retiredManifestPath = resolve(
           projectRoot,
           'node_modules/moflo/retired-files.json',
         );
         const report = applyRetiredPrune(projectRoot, retiredManifestPath);
+        prunedRetiredPaths = new Set(report.pruned);
         if (report.pruned.length > 0) {
           emitMutation(
             'pruned retired shipped files',
@@ -1110,10 +1124,23 @@ try {
 
       // Manifest reflects synced files immediately; version stamp is deferred
       // to 3g so an aborted launcher re-runs upgrade detection (#730).
+      //
+      // Exclude paths that `applyRetiredPrune` just deleted from disk —
+      // recording a non-existent file in `installed-files.json` triggers
+      // false drift detection on the next launcher run (`manifestDrifted`
+      // flips true because the recorded path doesn't exist), which spuriously
+      // re-fires the cherry-pick + manifest-sync pipeline. Widening
+      // `retired-files.json`'s hash window in #1133 exposed this — more
+      // legitimate matches → more pruned files → guaranteed false drift on
+      // the next launcher and re-imported legacy rows (knowledge namespace
+      // came back even though the migration deleted it).
+      const persistedManifest = prunedRetiredPaths.size > 0
+        ? currentManifest.filter((e) => !prunedRetiredPaths.has(e.path))
+        : currentManifest;
       try {
         const cfDir = resolve(projectRoot, '.moflo');
         if (!existsSync(cfDir)) mkdirSync(cfDir, { recursive: true });
-        writeFileSync(manifestPath, JSON.stringify(currentManifest, null, 2));
+        writeFileSync(manifestPath, JSON.stringify(persistedManifest, null, 2));
         pendingVersionStampWrite = { path: versionStampPath, version: installedVersion };
       } catch (err) {
         // #854: manifest write must surface — without it the next launcher
@@ -1399,23 +1426,185 @@ async function runHookBlockDriftCheck() {
   };
 }
 
-try {
-  if (autoUpdateConfig.enabled && autoUpdateConfig.hookBlockDrift !== 'off') {
-    const result = await runHookBlockDriftCheck();
-    if (result) {
+// ── 3a-vii. CLAUDE.md injection drift detection (#1142) ──────────────────
+// Refresh the consumer's `<root>/CLAUDE.md` MoFlo block when it has drifted
+// from what `claudemd-generator.ts` currently produces. The launcher's
+// stages 3/3b refresh shipped guidance files on every version change, but
+// CLAUDE.md was only rewritten by explicit `flo init` / `flo-setup` — so
+// consumers carried stale injection content (with the legacy `shipped/`
+// guidance paths, for example) for as long as they didn't re-run init.
+//
+// Modes (`auto_update.claudemd_injection_drift` in moflo.yaml):
+//   regenerate  — replace the drifted block in place (default; the consumer
+//                 has no other path to refresh CLAUDE.md)
+//   warn        — print a one-line drift summary to stdout
+//   off         — skip detection entirely
+//
+// Fast-path: `.moflo/claudemd-injection-cache.json` records the last clean
+// run. If CLAUDE.md + the generator module both still match the cached
+// mtimes, skip the readFile + dynamic import.
+async function runClaudeMdInjectionDriftCheck() {
+  const claudeMdPath = resolve(projectRoot, 'CLAUDE.md');
+  let claudeMdStat;
+  try { claudeMdStat = statSync(claudeMdPath); } catch { return null; }
+
+  // Locate the generator and the drift service. Both must be present —
+  // generator owns the canonical content, drift service owns the marker
+  // logic. Use bin/lib/moflo-resolve.mjs path resolution semantics
+  // (covers consumer node_modules + dev source tree). Two candidates each.
+  const generatorCandidates = [
+    resolve(projectRoot, 'node_modules/moflo/dist/src/cli/init/claudemd-generator.js'),
+    resolve(projectRoot, 'dist/src/cli/init/claudemd-generator.js'),
+  ];
+  const driftCandidates = [
+    resolve(projectRoot, 'node_modules/moflo/dist/src/cli/services/claudemd-injection.js'),
+    resolve(projectRoot, 'dist/src/cli/services/claudemd-injection.js'),
+  ];
+  let generatorPath = null, generatorStat = null;
+  for (const p of generatorCandidates) {
+    try { generatorStat = statSync(p); generatorPath = p; break; } catch { /* try next */ }
+  }
+  let driftPath = null, driftStat = null;
+  for (const p of driftCandidates) {
+    try { driftStat = statSync(p); driftPath = p; break; } catch { /* try next */ }
+  }
+  if (!generatorPath || !driftPath) return null;
+
+  // Use the max mtime of the two modules so any update to either invalidates
+  // the cache. Both are co-bumped on publish so this is normally one mtime.
+  const moduleMtimeMs = Math.max(generatorStat.mtimeMs, driftStat.mtimeMs);
+
+  // Cache short-circuits any (claudeMdMtime, moduleMtime, state) triple
+  // match — not just 'in-sync'. A drifted consumer in warn mode still emits
+  // the nudge once on first detection, then stays silent until something
+  // actually changes (CLAUDE.md mtime bumps from a user edit, or moflo
+  // upgrade bumps moduleMtimeMs). Without this, every session re-does the
+  // full slow path (3 statSync + readFile + 2 dynamic imports + generator
+  // call) for non-in-sync consumers in perpetuity.
+  const cachePath = join(mofloDir(projectRoot), 'claudemd-injection-cache.json');
+  let cached = null;
+  try { cached = JSON.parse(readFileSync(cachePath, 'utf-8')); } catch { /* missing or corrupt */ }
+  if (
+    cached &&
+    cached.claudeMdMtimeMs === claudeMdStat.mtimeMs &&
+    cached.moduleMtimeMs === moduleMtimeMs &&
+    typeof cached.state === 'string'
+  ) return null;
+
+  // Try-catch around the dynamic imports handles the file disappearing
+  // between statSync and import (TOCTOU); other load errors surface as
+  // an emitWarning so a transitive dependency failure isn't invisible
+  // (mirrors the silent-catch lesson — see feedback_consumer_blast_radius).
+  let genMod = null, driftMod = null;
+  try {
+    genMod = await import(pathToFileURL(generatorPath).href);
+    driftMod = await import(pathToFileURL(driftPath).href);
+  } catch (err) {
+    emitWarning(`CLAUDE.md drift check skipped (${errMessage(err)})`);
+    return null;
+  }
+  if (typeof genMod.generateClaudeMd !== 'function') return null;
+  if (typeof driftMod.computeInjectionDrift !== 'function') return null;
+  if (typeof driftMod.applyInjectionReplacement !== 'function') return null;
+
+  const claudeMdContents = readFileSync(claudeMdPath, 'utf-8');
+  const canonical = genMod.generateClaudeMd({});
+  const report = driftMod.computeInjectionDrift(claudeMdContents, canonical);
+
+  let finalState = report.state;
+  let finalMtime = claudeMdStat.mtimeMs;
+
+  // Treat both 'drifted' and 'legacy-marker' as repairable in regenerate mode.
+  // 'no-marker' means the user removed the inject deliberately — don't re-add
+  // it on every session start; that's a re-init operation, not a drift fix.
+  // 'no-file' is unreachable here because statSync already succeeded.
+  const repairable = report.state === 'drifted' || report.state === 'legacy-marker';
+  if (repairable) {
+    const wantRegenerate = autoUpdateConfig.claudemdInjectionDrift === 'regenerate';
+    if (wantRegenerate) {
+      const result = driftMod.applyInjectionReplacement(claudeMdContents, canonical);
+      if (result.changed && typeof result.contents === 'string') {
+        writeFileSync(claudeMdPath, result.contents);
+        finalState = 'in-sync';
+        try { finalMtime = statSync(claudeMdPath).mtimeMs; } catch { /* keep prior */ }
+        emitMutation(
+          'refreshed CLAUDE.md MoFlo block',
+          `replaced ${report.state} block with current generator output`,
+        );
+      }
+    } else {
+      // warn mode — surface a one-line summary on stdout for Claude/user.
+      try {
+        process.stdout.write(
+          `moflo: CLAUDE.md injection ${report.state}; run \`flo doctor claudemd-drift\` or set auto_update.claudemd_injection_drift: regenerate in moflo.yaml\n`,
+        );
+      } catch { /* broken stdout — non-fatal */ }
+    }
+  } else if (report.state === 'no-marker') {
+    // Distinct from the drift cases — surface once via warn channel so a
+    // user who didn't run init still sees a nudge, but never auto-mutate.
+    if (autoUpdateConfig.claudemdInjectionDrift !== 'off') {
       try {
-        mkdirSync(mofloDir(projectRoot), { recursive: true });
-        writeFileSync(result.cachePath, JSON.stringify({
-          settingsMtimeMs: result.settingsMtimeMs,
-          moduleMtimeMs: result.moduleMtimeMs,
-          consumerHash: result.consumerHash,
-          referenceHash: result.referenceHash,
-        }));
-      } catch { /* cache is opportunistic — non-fatal */ }
+        process.stdout.write(
+          `moflo: CLAUDE.md has no MoFlo injection block; run \`npx flo-setup\` to add one\n`,
+        );
+      } catch { /* broken stdout — non-fatal */ }
     }
   }
-} catch (err) {
-  emitWarning(`hook-block drift check skipped (${errMessage(err)})`);
+
+  return {
+    cachePath,
+    claudeMdMtimeMs: finalMtime,
+    moduleMtimeMs,
+    state: finalState,
+  };
+}
+
+// Run the two drift detectors (settings.json hook block + CLAUDE.md
+// injection) in parallel. Both do their own statSync → cache compare →
+// dynamic import dance; the work is independent and the file targets are
+// different, so Promise.all halves cold-path latency on every session start.
+// Cache-hit fast paths return null with no work — Promise.all is still
+// trivially correct there.
+{
+  const hookEnabled = autoUpdateConfig.enabled && autoUpdateConfig.hookBlockDrift !== 'off';
+  const claudemdEnabled = autoUpdateConfig.enabled && autoUpdateConfig.claudemdInjectionDrift !== 'off';
+  const [hookResult, claudemdResult] = await Promise.all([
+    hookEnabled
+      ? runHookBlockDriftCheck().catch((err) => {
+          emitWarning(`hook-block drift check skipped (${errMessage(err)})`);
+          return null;
+        })
+      : Promise.resolve(null),
+    claudemdEnabled
+      ? runClaudeMdInjectionDriftCheck().catch((err) => {
+          emitWarning(`CLAUDE.md injection drift check skipped (${errMessage(err)})`);
+          return null;
+        })
+      : Promise.resolve(null),
+  ]);
+
+  if (hookResult) {
+    try {
+      mkdirSync(mofloDir(projectRoot), { recursive: true });
+      writeFileSync(hookResult.cachePath, JSON.stringify({
+        settingsMtimeMs: hookResult.settingsMtimeMs,
+        moduleMtimeMs: hookResult.moduleMtimeMs,
+        consumerHash: hookResult.consumerHash,
+        referenceHash: hookResult.referenceHash,
+      }));
+    } catch { /* cache is opportunistic — non-fatal */ }
+  }
+  if (claudemdResult) {
+    try {
+      mkdirSync(mofloDir(projectRoot), { recursive: true });
+      writeFileSync(claudemdResult.cachePath, JSON.stringify({
+        claudeMdMtimeMs: claudemdResult.claudeMdMtimeMs,
+        moduleMtimeMs: claudemdResult.moduleMtimeMs,
+        state: claudemdResult.state,
+      }));
+    } catch { /* cache is opportunistic — non-fatal */ }
+  }
 }
 
 // ── 3b. Ensure shipped guidance files exist (even without version change) ──

package/bin/setup-project.mjs

@@ -37,16 +37,14 @@ import { mofloInternalURL } from './lib/moflo-resolve.mjs';
 // works identically from bin/ (canonical) or from .claude/scripts/ (synced copy).
 const mofloRoot = dirname(fileURLToPath(mofloInternalURL('package.json')));
 
-// Single source of truth: claudemd-generator.ts owns the section content.
-// Use the shared mofloInternalURL helper so the script works identically when
-// invoked from bin/ (canonical) or from .claude/scripts/ (synced copy).
-const {
-  generateClaudeMd,
-  MARKER_START,
-  MARKER_END,
-  LEGACY_MARKER_STARTS,
-  LEGACY_MARKER_ENDS,
-} = await import(mofloInternalURL('dist/src/cli/init/claudemd-generator.js'));
+// Single source of truth: claudemd-generator.ts owns the section content,
+// claudemd-injection.ts owns the marker-replace logic. Use the shared
+// mofloInternalURL helper so the script works identically when invoked
+// from bin/ (canonical) or from .claude/scripts/ (synced copy).
+const { generateClaudeMd } = await import(mofloInternalURL('dist/src/cli/init/claudemd-generator.js'));
+const { applyInjectionReplacement, computeInjectionDrift } = await import(
+  mofloInternalURL('dist/src/cli/services/claudemd-injection.js')
+);
 
 const args = process.argv.slice(2);
 const updateOnly = args.includes('--update');
@@ -150,65 +148,47 @@ function cleanupLegacyBootstrap(projectRoot) {
 
 function updateClaudeMd(projectRoot) {
   const claudeMdPath = join(projectRoot, 'CLAUDE.md');
+  const existed = existsSync(claudeMdPath);
+  const content = existed ? readFileSync(claudeMdPath, 'utf-8') : null;
 
-  if (!existsSync(claudeMdPath)) {
-    if (checkOnly) {
-      log('⚠️  No CLAUDE.md found');
-      return false;
-    }
-    log('📝 Creating CLAUDE.md with subagent protocol section');
-    writeFileSync(claudeMdPath, `# Project Configuration\n\n${CLAUDE_MD_SECTION}\n`, 'utf-8');
-    return true;
-  }
+  // Single source of truth for the marker-replace logic lives in
+  // src/cli/services/claudemd-injection.ts. Classify state for logging,
+  // then apply (or report) the replacement.
+  const report = computeInjectionDrift(content, CLAUDE_MD_SECTION);
 
-  const content = readFileSync(claudeMdPath, 'utf-8');
-
-  // Check for current or legacy markers and replace
-  const allStarts = [MARKER_START, ...LEGACY_MARKER_STARTS];
-  const allEnds = [MARKER_END, ...LEGACY_MARKER_ENDS];
-
-  for (let i = 0; i < allStarts.length; i++) {
-    if (content.includes(allStarts[i])) {
-      const startIdx = content.indexOf(allStarts[i]);
-      const endIdx = content.indexOf(allEnds[i]);
-
-      if (endIdx > startIdx) {
-        // If current markers and content matches, we're up to date
-        if (i === 0) {
-          const existingSection = content.substring(startIdx, endIdx + allEnds[i].length);
-          if (existingSection === CLAUDE_MD_SECTION) {
-            log('✅ CLAUDE.md moflo section is current');
-            return true;
-          }
-        }
-
-        // Replace (current or legacy) with new section
-        if (!checkOnly) {
-          const updated = content.substring(0, startIdx) + CLAUDE_MD_SECTION + content.substring(endIdx + allEnds[i].length);
-          writeFileSync(claudeMdPath, updated, 'utf-8');
-          log(i === 0 ? '📝 Updated CLAUDE.md moflo section' : '📝 Replaced legacy CLAUDE.md section with minimal moflo injection');
-        } else {
-          log('⚠️  CLAUDE.md moflo section needs update');
-        }
-        return true;
-      }
-    }
+  if (report.state === 'in-sync') {
+    log('✅ CLAUDE.md moflo section is current');
+    return true;
   }
 
+  // `updateOnly` is informational — refresh the bootstrap mirror file but
+  // leave CLAUDE.md alone unless an inject already exists.
   if (updateOnly) {
-    log('⚠️  CLAUDE.md has no moflo section (run without --update to add)');
-    return false;
+    if (!existed) { log('⚠️  No CLAUDE.md found'); return false; }
+    if (report.state === 'no-marker') {
+      log('⚠️  CLAUDE.md has no moflo section (run without --update to add)');
+      return false;
+    }
+    // Existing block (current or legacy) + drift → fall through to write.
   }
 
   if (checkOnly) {
-    log('⚠️  CLAUDE.md missing subagent protocol section');
+    if (!existed) { log('⚠️  No CLAUDE.md found'); return false; }
+    if (report.state === 'no-marker') { log('⚠️  CLAUDE.md missing subagent protocol section'); return false; }
+    log('⚠️  CLAUDE.md moflo section needs update');
     return false;
   }
 
-  // Append section to end of CLAUDE.md
-  const separator = content.endsWith('\n') ? '\n' : '\n\n';
-  writeFileSync(claudeMdPath, content + separator + CLAUDE_MD_SECTION + '\n', 'utf-8');
-  log('📝 Added subagent protocol section to CLAUDE.md');
+  const result = applyInjectionReplacement(content, CLAUDE_MD_SECTION);
+  if (!result.changed) return true;
+  writeFileSync(claudeMdPath, result.contents, 'utf-8');
+
+  switch (report.state) {
+    case 'no-file':       log('📝 Creating CLAUDE.md with subagent protocol section'); break;
+    case 'no-marker':     log('📝 Added subagent protocol section to CLAUDE.md'); break;
+    case 'legacy-marker': log('📝 Replaced legacy CLAUDE.md section with minimal moflo injection'); break;
+    case 'drifted':       log('📝 Updated CLAUDE.md moflo section'); break;
+  }
   return true;
 }
 

package/dist/src/cli/commands/daemon.js

@@ -472,7 +472,7 @@ export async function killBackgroundDaemon(projectRoot) {
     try {
         // Platform-split shutdown. On Linux/macOS we try SIGTERM first so the
         // daemon's shutdown handlers (sql.js flush, lock release) can run; force-
-        // kill only if it doesn't exit within ~1s.
+        // kill only if it doesn't exit within the graceful window.
         //
         // On Windows there is no SIGTERM equivalent for our headless detached
         // Node daemon — `taskkill /PID` (no /F) sends a window-close message
@@ -481,25 +481,46 @@ export async function killBackgroundDaemon(projectRoot) {
         // implementation invoked it anyway, ate the error in a bare catch, then
         // slept 1s before escalating to /F. Skip the dead step: go straight to
         // /F /T (tree-kill, in case a worker child outlived its parent) on Win.
+        //
+        // #1136: previously this used `setTimeout(1000)` after SIGTERM and
+        // skipped post-SIGKILL verification. Under load on a populated DB the
+        // daemon's shutdown handler (worker-daemon.ts:582 → scheduler.stop +
+        // saveState) can exceed 1s — SIGKILL hit mid-sql.js-dump and left
+        // torn pages in `.moflo/moflo.db` (the page-ref / rowid-order
+        // signature seen in the populated-consumer smoke). Bring the kill
+        // window in line with the launcher's stopDaemon
+        // (bin/session-start-launcher.mjs:425): 3s graceful poll + 1s force
+        // poll, both verifying liveness before returning.
         if (process.platform === 'win32') {
             try {
                 execFileSync('taskkill', ['/F', '/T', '/PID', String(holderPid)], { windowsHide: true });
             }
             catch {
-                // Already exiting / unreachable — process.kill(pid, 0) below verifies.
+                // Already exiting / unreachable — verified via poll below.
+            }
+            const forceDeadline = Date.now() + 1000;
+            while (Date.now() < forceDeadline && isProcessRunning(holderPid)) {
+                await new Promise(resolve => setTimeout(resolve, 100));
             }
         }
         else {
-            process.kill(holderPid, 'SIGTERM');
-            // Wait briefly so SIGTERM has a chance to land before checking liveness.
-            await new Promise(resolve => setTimeout(resolve, 1000));
             try {
-                process.kill(holderPid, 0);
-                // Still alive — force kill.
-                process.kill(holderPid, 'SIGKILL');
+                process.kill(holderPid, 'SIGTERM');
             }
-            catch {
-                // Process terminated
+            catch { /* already dead */ }
+            const gracefulDeadline = Date.now() + 3000;
+            while (Date.now() < gracefulDeadline && isProcessRunning(holderPid)) {
+                await new Promise(resolve => setTimeout(resolve, 100));
+            }
+            if (isProcessRunning(holderPid)) {
+                try {
+                    process.kill(holderPid, 'SIGKILL');
+                }
+                catch { /* already dead */ }
+                const forceDeadline = Date.now() + 1000;
+                while (Date.now() < forceDeadline && isProcessRunning(holderPid)) {
+                    await new Promise(resolve => setTimeout(resolve, 100));
+                }
             }
         }
         // Release lock