moflo 4.10.6 → 4.10.8

package/dist/src/cli/commands/daemon.js

@@ -32,13 +32,13 @@ import { errorDetail } from '../shared/utils/error-detail.js';
 export function resolveDashboardPort(flagValue, envValue) {
     const source = flagValue ?? envValue;
     if (!source)
-        return { ok: true, port: DEFAULT_DASHBOARD_PORT };
+        return { ok: true, port: DEFAULT_DASHBOARD_PORT, explicit: false };
     const parsed = parseInt(source, 10);
     if (isNaN(parsed) || parsed < 1 || parsed > 65535) {
         const label = flagValue ? 'dashboard port' : 'MOFLO_DAEMON_PORT';
         return { ok: false, error: `Invalid ${label}: ${source} (must be 1-65535)` };
     }
-    return { ok: true, port: parsed };
+    return { ok: true, port: parsed, explicit: true };
 }
 // Start daemon subcommand
 const startCommand = {
@@ -76,6 +76,7 @@ const startCommand = {
             return { success: false, exitCode: 1 };
         }
         const dashboardPort = portResult.port;
+        const dashboardPortExplicit = portResult.explicit;
         // Parse resource threshold overrides from CLI flags
         const config = {};
         const rawMaxCpu = ctx.flags.maxCpuLoad;
@@ -109,7 +110,7 @@ const startCommand = {
         }
         // Background mode (default): fork a detached process
         if (!foreground) {
-            return startBackgroundDaemon(projectRoot, quiet, rawMaxCpu, rawMinMem, dashboardPort, noDashboard);
+            return startBackgroundDaemon(projectRoot, quiet, rawMaxCpu, rawMinMem, dashboardPortExplicit ? dashboardPort : undefined, noDashboard);
         }
         // Foreground mode: run in current process (blocks terminal)
         try {
@@ -151,7 +152,7 @@ const startCommand = {
                 const status = daemon.getStatus();
                 spinner.succeed('Worker daemon started (foreground mode)');
                 const { dashboard } = await attachDaemonServices(daemon, {
-                    projectRoot, noDashboard, dashboardPort, verbose: true,
+                    projectRoot, noDashboard, dashboardPort, dashboardPortExplicit, verbose: true,
                 });
                 output.writeln();
                 output.printBox([
@@ -207,7 +208,7 @@ const startCommand = {
             }
             else {
                 const daemon = await startDaemon(projectRoot, config);
-                await attachDaemonServices(daemon, { projectRoot, noDashboard, dashboardPort, verbose: false });
+                await attachDaemonServices(daemon, { projectRoot, noDashboard, dashboardPort, dashboardPortExplicit, verbose: false });
                 await new Promise(() => { }); // Keep alive
             }
             return { success: true };
@@ -243,15 +244,25 @@ async function attachDaemonServices(daemon, opts) {
     if (!opts.noDashboard) {
         try {
             dashboard = await startDashboard(daemon, {
-                port: opts.dashboardPort,
+                // Pass the resolved port only when the caller explicitly pinned it
+                // (CLI flag / env). Otherwise let startDashboard pick the
+                // deterministic per-project port via serverPortCandidates (#1145).
+                port: opts.dashboardPortExplicit ? opts.dashboardPort : undefined,
                 memory,
                 schedulerEnabledInConfig: schedulerConfig.enabled,
+                projectRoot: opts.projectRoot,
             });
             if (opts.verbose)
                 output.printSuccess(`The Luminarium: http://localhost:${dashboard.port}`);
         }
         catch (err) {
-            logWarn(`The Luminarium failed to start: ${errorDetail(err)}`);
+            // #1145 §9.4 — hard-fail on bind exhaustion. Pre-#1145 we swallowed
+            // this; the daemon stayed alive doing worker-only work while clients
+            // routed to whichever daemon happened to be on the legacy default
+            // port. Re-throw so the spawn launcher sees a non-zero exit and the
+            // healer flags the failure instead of silently continuing.
+            logWarn(`The Luminarium failed to bind — daemon will exit so clients don't silently route to a foreign daemon: ${errorDetail(err)}`);
+            throw err;
         }
     }
     if (!schedulerConfig.enabled) {
@@ -350,11 +361,14 @@ async function startBackgroundDaemon(projectRoot, quiet, maxCpuLoad, minFreeMemo
     if (minFreeMemory && SPAWN_NUMERIC_RE.test(minFreeMemory)) {
         spawnArgs.push('--min-free-memory', minFreeMemory);
     }
-    // Forward dashboard flags
+    // Forward dashboard flags. With #1145 the foreground child resolves its
+    // own deterministic per-project port when no `--dashboard-port` flag is
+    // passed — only forward the flag when the caller explicitly pinned it
+    // (signaled by `dashboardPort` being defined here).
     if (noDashboard) {
         spawnArgs.push('--no-dashboard');
     }
-    else if (dashboardPort && dashboardPort !== DEFAULT_DASHBOARD_PORT) {
+    else if (dashboardPort != null) {
         spawnArgs.push('--dashboard-port', String(dashboardPort));
     }
     const daemonEnv = {
@@ -413,7 +427,14 @@ async function startBackgroundDaemon(projectRoot, quiet, maxCpuLoad, minFreeMemo
     if (!quiet) {
         output.printSuccess(`Daemon started in background (PID: ${pid})`);
         if (!noDashboard) {
-            output.printInfo(`The Luminarium: http://localhost:${dashboardPort ?? DEFAULT_DASHBOARD_PORT}`);
+            if (dashboardPort != null) {
+                output.printInfo(`The Luminarium: http://localhost:${dashboardPort}`);
+            }
+            else {
+                // #1145 — port is project-deterministic and assigned at bind time;
+                // read it from .moflo/daemon.lock once the child finishes startup.
+                output.printInfo(`The Luminarium: see http://localhost:<port from .moflo/daemon.lock>`);
+            }
         }
         output.printInfo(`Logs: ${logFile}`);
         output.printInfo(`Stop with: claude-flow daemon stop`);

package/dist/src/cli/commands/doctor-checks-config.js

@@ -6,7 +6,8 @@
 import { existsSync, readFileSync, statSync } from 'fs';
 import { join } from 'path';
 import os from 'os';
-import { getDaemonLockHolder } from '../services/daemon-lock.js';
+import { findProjectDaemonPids, getDaemonLockHolder, getDaemonLockPayload, } from '../services/daemon-lock.js';
+import { resolveClientPort, LEGACY_DEFAULT_PORT, probeDaemonHealth as probeDaemonHealthIdentity, normalizeProjectRoot, } from '../services/daemon-port.js';
 import { legacyMemoryDbPath, memoryDbCandidatePaths, memoryDbPath, } from '../services/moflo-paths.js';
 import { probeDbIntegrity } from '../services/memory-db-integrity-repair.js';
 import { findProjectRoot } from '../services/project-root.js';
@@ -102,6 +103,143 @@ export async function checkDaemonStatus() {
         return { name: 'Daemon Status', status: 'warn', message: `Unable to check: ${errorDetail(e)}`, fix: 'claude-flow daemon status' };
     }
 }
+/**
+ * Daemon identity check (#1145).
+ *
+ * Reads `.moflo/daemon.lock` → probes `/api/health` on the recorded port →
+ * confirms the daemon's reported `projectRoot` matches `findProjectRoot()`.
+ * Catches the silent cross-project routing class where two moflo daemons
+ * (e.g. moflo-dev + a consumer) share a port and the client hits the wrong
+ * one.
+ *
+ * Status semantics:
+ *   - `pass` — no daemon (cleanly absent) OR identity matches.
+ *   - `warn` — daemon has no port in lock (pre-#1145 daemon; harmless if
+ *     no collision, but should be recycled to upgrade).
+ *   - `fail` — `/api/health` reports a different project. Routing is
+ *     polluted; the healer fix kills the foreign-identity daemon and
+ *     respawns the local one.
+ */
+export async function checkDaemonIdentity(cwd = process.cwd()) {
+    const projectRoot = findProjectRoot({ cwd });
+    const payload = getDaemonLockPayload(projectRoot);
+    if (!payload) {
+        return {
+            name: 'Daemon Identity Match',
+            status: 'pass',
+            message: 'No daemon running (nothing to verify)',
+        };
+    }
+    // Lock present but no port field — pre-#1145 daemon. Identity check is
+    // best-effort; surface as warn so the user knows to recycle but don't
+    // hard-fail unless we can prove cross-project routing.
+    const portFromLock = payload.port;
+    const probePort = portFromLock ?? resolveClientPort(projectRoot);
+    if (!portFromLock) {
+        // Try the legacy default explicitly so consumers running an
+        // un-upgraded daemon still get a useful diagnostic.
+        const probe = await probeDaemonHealthIdentity(LEGACY_DEFAULT_PORT, 1500);
+        if (probe.kind === 'identity'
+            && normalizeProjectRoot(probe.projectRoot) !== normalizeProjectRoot(projectRoot)) {
+            return {
+                name: 'Daemon Identity Match',
+                status: 'fail',
+                message: `Daemon at 127.0.0.1:${LEGACY_DEFAULT_PORT} claims project '${probe.projectRoot}' — cross-project routing active`,
+                fix: 'flo healer --fix -c daemon-identity',
+            };
+        }
+        return {
+            name: 'Daemon Identity Match',
+            status: 'warn',
+            message: 'Daemon lock has no port field — pre-#1145 daemon; recycle to enable port discovery',
+            fix: 'flo healer --fix -c daemon-identity',
+        };
+    }
+    const probe = await probeDaemonHealthIdentity(probePort, 1500);
+    if (probe.kind === 'unreachable') {
+        return {
+            name: 'Daemon Identity Match',
+            status: 'warn',
+            message: `Daemon at 127.0.0.1:${probePort} unreachable on /api/health`,
+            fix: 'flo healer --fix -c daemon-identity',
+        };
+    }
+    if (probe.kind === 'legacy') {
+        return {
+            name: 'Daemon Identity Match',
+            status: 'warn',
+            message: `Daemon at 127.0.0.1:${probePort} has no /api/health (legacy) — recycle to upgrade`,
+            fix: 'flo healer --fix -c daemon-identity',
+        };
+    }
+    if (normalizeProjectRoot(probe.projectRoot) !== normalizeProjectRoot(projectRoot)) {
+        return {
+            name: 'Daemon Identity Match',
+            status: 'fail',
+            message: `Daemon at 127.0.0.1:${probePort} claims project '${probe.projectRoot}' but cwd is '${projectRoot}'`,
+            fix: 'flo healer --fix -c daemon-identity',
+        };
+    }
+    return {
+        name: 'Daemon Identity Match',
+        status: 'pass',
+        message: `OK (port ${probePort}, pid ${payload.pid})`,
+    };
+}
+/**
+ * Same-project orphan daemon check (#1150).
+ *
+ * Counts moflo daemon processes whose command line is rooted at THIS
+ * project's CLI binary. Healthy state: 0 (no daemon) or 1 (the lock-holder).
+ * Failure state: >1 — multiple daemons are racing for the indexer lock and
+ * writing to the same `daemon-state.json`.
+ *
+ * Distinct from `Daemon Identity Match`, which catches a DIFFERENT project's
+ * daemon answering on a port. This check catches multiple SAME-project
+ * daemons sharing the project root but with one of them holding a stale or
+ * unlinked lock (the orphan path).
+ *
+ * Status semantics:
+ *   - `pass` — 0 or 1 same-project daemon.
+ *   - `fail` — 2+ same-project daemons. Auto-fix terminates all but the
+ *     lock-recorded PID (or all + respawn if no lock matches a live one).
+ *     The "no live lock-holder" sub-case stays `fail` rather than `warn`:
+ *     a stale lock alongside live orphan daemons is a strictly worse state
+ *     than an orphan that the lock knows about, not a softer one.
+ *   - `warn` — the OS process scan itself failed (platform introspection
+ *     unavailable). The healer is offered as a fallback but isn't binding.
+ */
+export async function checkDaemonOrphan(cwd = process.cwd()) {
+    const projectRoot = findProjectRoot({ cwd });
+    let pids;
+    try {
+        pids = findProjectDaemonPids(projectRoot);
+    }
+    catch (e) {
+        return {
+            name: 'Daemon Orphan',
+            status: 'warn',
+            message: `Process scan failed: ${errorDetail(e)}`,
+        };
+    }
+    if (pids.length === 0) {
+        return { name: 'Daemon Orphan', status: 'pass', message: 'No daemon running (nothing to verify)' };
+    }
+    if (pids.length === 1) {
+        return { name: 'Daemon Orphan', status: 'pass', message: `1 daemon (pid ${pids[0]})` };
+    }
+    const lockHolder = getDaemonLockHolder(projectRoot);
+    const lockHolderInPids = lockHolder != null && pids.includes(lockHolder);
+    const orphanPids = lockHolderInPids ? pids.filter(p => p !== lockHolder) : pids;
+    return {
+        name: 'Daemon Orphan',
+        status: 'fail',
+        message: lockHolderInPids
+            ? `${pids.length} daemons for this project; lock holds pid ${lockHolder}, orphans: ${orphanPids.join(', ')}`
+            : `${pids.length} daemons for this project; no lock-holder identifiable, candidates: ${pids.join(', ')}`,
+        fix: 'flo healer --fix -c daemon-orphan',
+    };
+}
 export async function checkMemoryDatabase() {
     const root = process.cwd();
     const canonical = memoryDbPath(root);

package/dist/src/cli/commands/doctor-checks-deep.js

@@ -670,4 +670,109 @@ export async function checkHookBlockDrift() {
         fix: 'set auto_update.hook_block_drift: regenerate in moflo.yaml, or claudeFlow.hooks.locked: true to suppress',
     };
 }
+// ============================================================================
+// 12. CLAUDE.md Injection Drift Check
+// ============================================================================
+/**
+ * Detect when the consumer's `<root>/CLAUDE.md` MoFlo-injected block has
+ * drifted from the canonical block the current `claudemd-generator` produces.
+ * Analogue of `Hook Block Drift` for CLAUDE.md content.
+ *
+ * The session-start launcher refreshes shipped guidance files on every
+ * version change, but the CLAUDE.md injection is only rewritten by explicit
+ * `flo init` / `flo-setup`. Without this check, consumers carry stale
+ * injection content (and stale guidance pointers) indefinitely.
+ *
+ * Five states map to four reportable statuses:
+ *   no-file       → warn  (run `flo init`)
+ *   no-marker     → warn  (run `flo init` / `flo-setup`)
+ *   legacy-marker → warn  (auto-fixable — replace legacy block)
+ *   in-sync       → pass
+ *   drifted       → warn  (auto-fixable — refresh block)
+ */
+export async function checkClaudeMdInjectionDrift() {
+    const projectDir = findConsumerProjectDir();
+    const claudeMdPath = join(projectDir, 'CLAUDE.md');
+    // Respect `auto_update.claudemd_injection_drift: off` for consumers who
+    // explicitly opt out (mirrors the launcher's behaviour and the Hook Block
+    // Drift check). Read the config first so the off-mode skip is cheap.
+    try {
+        const { loadMofloConfig } = await import('../config/moflo-config.js');
+        const cfg = loadMofloConfig(projectDir);
+        if (cfg.auto_update.claudemd_injection_drift === 'off') {
+            return {
+                name: 'CLAUDE.md Injection Drift',
+                status: 'pass',
+                message: 'drift check skipped — auto_update.claudemd_injection_drift: off',
+            };
+        }
+    }
+    catch { /* config read failure — fall through to drift check */ }
+    if (!existsSync(claudeMdPath)) {
+        return {
+            name: 'CLAUDE.md Injection Drift',
+            status: 'warn',
+            message: 'CLAUDE.md not found',
+            fix: 'npx moflo init',
+        };
+    }
+    let contents;
+    try {
+        contents = readFileSync(claudeMdPath, 'utf-8');
+    }
+    catch (e) {
+        return {
+            name: 'CLAUDE.md Injection Drift',
+            status: 'warn',
+            message: `cannot read CLAUDE.md: ${errorDetail(e)}`,
+        };
+    }
+    // Dynamic-import the generator + drift detector so the dist-vs-source
+    // path resolution stays consistent with the launcher.
+    const { generateClaudeMd } = await import('../init/claudemd-generator.js');
+    const { computeInjectionDrift } = await import('../services/claudemd-injection.js');
+    // Use `{}` (not DEFAULT_INIT_OPTIONS) to match the launcher's call —
+    // the generator ignores the argument, but matching call shape removes the
+    // possibility of a future generator change diverging the two surfaces.
+    const canonical = generateClaudeMd({});
+    const report = computeInjectionDrift(contents, canonical);
+    switch (report.state) {
+        case 'in-sync':
+            return {
+                name: 'CLAUDE.md Injection Drift',
+                status: 'pass',
+                message: 'CLAUDE.md injection block matches reference',
+            };
+        case 'no-marker':
+            return {
+                name: 'CLAUDE.md Injection Drift',
+                status: 'warn',
+                message: 'CLAUDE.md has no MOFLO:INJECTED:START block',
+                fix: 'npx flo-setup',
+            };
+        case 'legacy-marker':
+            return {
+                name: 'CLAUDE.md Injection Drift',
+                status: 'warn',
+                message: 'CLAUDE.md uses a legacy moflo marker pair (pre-MOFLO:INJECTED) — auto-fix replaces with current block',
+                fix: 'npx flo-setup --update',
+            };
+        case 'drifted':
+            return {
+                name: 'CLAUDE.md Injection Drift',
+                status: 'warn',
+                message: 'CLAUDE.md injection block has drifted from reference',
+                fix: 'npx flo-setup --update',
+            };
+        case 'no-file':
+            // Defensive — `existsSync` returned true above, so this branch is
+            // unreachable in practice. Return a sane status anyway.
+            return {
+                name: 'CLAUDE.md Injection Drift',
+                status: 'warn',
+                message: 'CLAUDE.md not found',
+                fix: 'npx moflo init',
+            };
+    }
+}
 //# sourceMappingURL=doctor-checks-deep.js.map

package/dist/src/cli/commands/doctor-fixes.js

@@ -160,9 +160,29 @@ export async function autoFixCheck(check) {
                 return false;
             }
         },
+        // #1150 — SIGTERM the lock-holder BEFORE unlinking the lock. The old
+        // shape (`unlink lock; daemon start`) is the bug that produced orphan
+        // daemon accumulation: if the lock-holder PID was still alive, the
+        // unlink left it running and the respawn produced a second same-project
+        // daemon. Mirrors the 'Daemon Version Skew' / 'Daemon Identity Match'
+        // shape which got this right.
+        //
+        // Also reaps any same-project orphans whose PIDs aren't recorded in the
+        // lock — those are the daemons that survived prior buggy fixes.
         'Daemon Status': async () => {
-            const lockFile = join(process.cwd(), '.moflo', 'daemon.lock');
-            const pidFile = join(process.cwd(), '.moflo', 'daemon.pid');
+            const cwd = process.cwd();
+            const { getDaemonLockPayload, reapSameProjectOrphans } = await import('../services/daemon-lock.js');
+            const payload = getDaemonLockPayload(cwd);
+            if (payload?.pid && payload.pid > 0) {
+                try {
+                    process.kill(payload.pid, 'SIGTERM');
+                }
+                catch { /* already dead */ }
+            }
+            // Wipe other same-project daemons that the lock doesn't account for.
+            reapSameProjectOrphans(cwd);
+            const lockFile = join(cwd, '.moflo', 'daemon.lock');
+            const pidFile = join(cwd, '.moflo', 'daemon.pid');
             try {
                 if (existsSync(lockFile))
                     unlinkSync(lockFile);
@@ -195,6 +215,59 @@ export async function autoFixCheck(check) {
             catch { /* ok */ }
             return runFixCommand('npx moflo daemon start');
         },
+        // #1150 — terminate same-project orphan daemons. Keep the lock-holder
+        // alive if it shows up in the scan (it's the canonical daemon). If the
+        // lock-holder is missing/stale, kill all candidates and let the next
+        // session-start respawn a clean one. The pre-computed `pids` list is
+        // threaded into `reapSameProjectOrphans` so we don't re-run the
+        // OS process scan inside it.
+        'Daemon Orphan': async () => {
+            const cwd = process.cwd();
+            const { findProjectDaemonPids, getDaemonLockHolder, reapSameProjectOrphans } = await import('../services/daemon-lock.js');
+            const pids = findProjectDaemonPids(cwd);
+            if (pids.length <= 1)
+                return true; // already healthy
+            const lockHolder = getDaemonLockHolder(cwd);
+            if (lockHolder != null && pids.includes(lockHolder)) {
+                const { survived } = reapSameProjectOrphans(cwd, process.pid, lockHolder, pids);
+                return survived.length === 0;
+            }
+            // No identifiable canonical daemon — kill them all, clear the lock,
+            // respawn fresh.
+            const { survived } = reapSameProjectOrphans(cwd, process.pid, undefined, pids);
+            const lockFile = join(cwd, '.moflo', 'daemon.lock');
+            try {
+                if (existsSync(lockFile))
+                    unlinkSync(lockFile);
+            }
+            catch { /* ok */ }
+            if (survived.length > 0)
+                return false;
+            return runFixCommand('npx moflo daemon start');
+        },
+        // #1145 — daemon claims a different projectRoot than ours (or has no
+        // port in its lock so we can't verify). Same recycle pattern as version
+        // skew: SIGTERM the local daemon, clear the lock, respawn. Then the new
+        // daemon binds the per-project deterministic port and stamps it into
+        // the lock — clients can discover it without guessing.
+        'Daemon Identity Match': async () => {
+            const cwd = process.cwd();
+            const { getDaemonLockPayload } = await import('../services/daemon-lock.js');
+            const payload = getDaemonLockPayload(cwd);
+            if (payload?.pid && payload.pid > 0) {
+                try {
+                    process.kill(payload.pid, 'SIGTERM');
+                }
+                catch { /* already dead */ }
+            }
+            const lockFile = join(cwd, '.moflo', 'daemon.lock');
+            try {
+                if (existsSync(lockFile))
+                    unlinkSync(lockFile);
+            }
+            catch { /* ok */ }
+            return runFixCommand('npx moflo daemon start');
+        },
         'Embedding Coverage Truth': async () => {
             // Same as the existing Embeddings fix — rebuild the cache by re-running
             // the embeddings pipeline. Routes through `npx moflo` so the consumer
@@ -255,6 +328,30 @@ export async function autoFixCheck(check) {
         'Gate Health': async () => {
             return fixGateHealthHooks();
         },
+        // Refresh the consumer's CLAUDE.md MoFlo block in place using the
+        // shared `applyInjectionReplacement` service. Idempotent: a re-run sees
+        // `state === 'in-sync'` and the autoFix dispatcher skips this entry.
+        'CLAUDE.md Injection Drift': async () => {
+            const projectRoot = findProjectRoot();
+            const claudeMdPath = join(projectRoot, 'CLAUDE.md');
+            try {
+                const { generateClaudeMd } = await import('../init/claudemd-generator.js');
+                const { applyInjectionReplacement } = await import('../services/claudemd-injection.js');
+                const canonical = generateClaudeMd({});
+                const existing = existsSync(claudeMdPath) ? readFileSync(claudeMdPath, 'utf-8') : null;
+                const result = applyInjectionReplacement(existing, canonical);
+                if (!result.changed || !result.contents)
+                    return false;
+                // atomicWriteFileSync guards against a concurrent reader (Claude Code
+                // re-scanning CLAUDE.md mid-fix) seeing a truncated file.
+                atomicWriteFileSync(claudeMdPath, result.contents);
+                return true;
+            }
+            catch (e) {
+                output.writeln(output.warning(`  CLAUDE.md repair failed: ${errorDetail(e)}`));
+                return false;
+            }
+        },
         'Embedding hygiene': async () => {
             // The session-start launcher already runs the same migration BEFORE
             // daemon/MCP boot — that's where consumer autoheal happens. Running

package/dist/src/cli/commands/doctor-registry.js

@@ -4,7 +4,7 @@
  * Kept separate from `doctor.ts` so the orchestration file stays small and the
  * registry can be inspected/extended without re-touching command-action code.
  */
-import { checkSubagentHealth, checkSpellExecution, checkMcpToolInvocation, checkHookExecution, checkMcpSpellIntegration, checkGateHealth, checkHookBlockDrift, checkMofloDbBridge, } from './doctor-checks-deep.js';
+import { checkSubagentHealth, checkSpellExecution, checkMcpToolInvocation, checkHookExecution, checkMcpSpellIntegration, checkGateHealth, checkHookBlockDrift, checkClaudeMdInjectionDrift, checkMofloDbBridge, } from './doctor-checks-deep.js';
 import { checkEmbeddingHygiene } from './doctor-embedding-hygiene.js';
 import { checkDaemonVersionSkew } from './doctor-checks-version-skew.js';
 import { checkEmbeddingCoverageTruth } from './doctor-checks-coverage-truth.js';
@@ -12,7 +12,7 @@ import { checkWritersAudit } from './doctor-checks-writers-audit.js';
 import { checkSwarmFunctional, checkHiveMindFunctional, } from './doctor-checks-swarm.js';
 import { checkMemoryAccessFunctional } from './doctor-checks-memory-access.js';
 import { checkBuildTools, checkClaudeCode, checkDiskSpace, checkGit, checkGitRepo, checkNodeVersion, checkNpmVersion, } from './doctor-checks-runtime.js';
-import { checkConfigFile, checkDaemonStatus, checkDaemonWriteRouting, checkMcpServers, checkMemoryDatabase, checkMemoryDbIntegrity, checkMofloYamlCompliance, checkStatusLine, checkTestDirs, } from './doctor-checks-config.js';
+import { checkConfigFile, checkDaemonIdentity, checkDaemonOrphan, checkDaemonStatus, checkDaemonWriteRouting, checkMcpServers, checkMemoryDatabase, checkMemoryDbIntegrity, checkMofloYamlCompliance, checkStatusLine, checkTestDirs, } from './doctor-checks-config.js';
 import { checkSpellEngine, checkSandboxTier } from './doctor-checks-platform.js';
 import { checkEmbeddings, checkSemanticQuality, } from './doctor-checks-memory.js';
 import { checkIntelligence } from './doctor-checks-intelligence.js';
@@ -37,6 +37,8 @@ export const allChecks = [
     checkStatusLine,
     checkDaemonStatus,
     checkDaemonVersionSkew,
+    checkDaemonIdentity,
+    checkDaemonOrphan,
     checkDaemonWriteRouting,
     checkWritersAudit,
     checkMemoryDatabase,
@@ -63,6 +65,7 @@ export const allChecks = [
     checkHookExecution,
     checkGateHealth,
     checkHookBlockDrift,
+    checkClaudeMdInjectionDrift,
     checkMofloDbBridge,
     // Issue #818 / epic #798 — coordinator-path tripwires. They share the
     // singleton coordinator with checkSubagentHealth above and assert by
@@ -94,6 +97,13 @@ export const componentMap = {
     'skew': checkDaemonVersionSkew,
     'daemon-write-routing': checkDaemonWriteRouting,
     'write-routing': checkDaemonWriteRouting,
+    'daemon-identity': checkDaemonIdentity,
+    'daemon-identity-match': checkDaemonIdentity,
+    'identity': checkDaemonIdentity,
+    'daemon-orphan': checkDaemonOrphan,
+    'daemon-orphans': checkDaemonOrphan,
+    'orphan': checkDaemonOrphan,
+    'orphans': checkDaemonOrphan,
     'writers-audit': checkWritersAudit,
     'writers': checkWritersAudit,
     'memory': checkMemoryDatabase,
@@ -127,6 +137,9 @@ export const componentMap = {
     'gate': checkGateHealth,
     'hook-drift': checkHookBlockDrift,
     'drift': checkHookBlockDrift,
+    'claudemd-drift': checkClaudeMdInjectionDrift,
+    'claudemd': checkClaudeMdInjectionDrift,
+    'injection-drift': checkClaudeMdInjectionDrift,
     'sandbox': checkSandboxTier,
     'sandbox-tier': checkSandboxTier,
     'moflodb': checkMofloDbBridge,

package/dist/src/cli/commands/memory.js

@@ -103,7 +103,7 @@ const storeCommand = {
             size: Buffer.byteLength(value, 'utf8')
         };
         output.printInfo(`Storing in ${namespace}/${key}...`);
-        // Use direct sql.js storage with automatic embedding generation
+        // Use direct memory-backend storage with automatic embedding generation
         try {
             const { storeEntry } = await import('../memory/memory-initializer.js');
             if (asVector) {
@@ -175,7 +175,7 @@ const retrieveCommand = {
             output.printError('Key is required');
             return { success: false, exitCode: 1 };
         }
-        // Use sql.js directly for consistent data access
+        // Use the memory backend directly for consistent data access
         try {
             const { getEntry } = await import('../memory/memory-initializer.js');
             const result = await getEntry({ key, namespace });
@@ -302,7 +302,7 @@ const searchCommand = {
         }
         output.printInfo(`Searching: "${query}" (${searchType})`);
         output.writeln();
-        // Use direct sql.js search with vector similarity
+        // Use direct memory-backend search with vector similarity
         try {
             const { searchEntries } = await import('../memory/memory-initializer.js');
             const searchResult = await searchEntries({
@@ -381,7 +381,7 @@ const listCommand = {
     action: async (ctx) => {
         const namespace = ctx.flags.namespace;
         const limit = ctx.flags.limit;
-        // Use sql.js directly for consistent data access
+        // Use the memory backend directly for consistent data access
         try {
             const { listEntries } = await import('../memory/memory-initializer.js');
             const listResult = await listEntries({ namespace, limit, offset: 0 });
@@ -499,7 +499,7 @@ const deleteCommand = {
                 return { success: true };
             }
         }
-        // Use sql.js directly for consistent data access (Issue #980)
+        // Use the memory backend directly for consistent data access (Issue #980)
         try {
             const { deleteEntry } = await import('../memory/memory-initializer.js');
             const result = await deleteEntry({ key, namespace });
@@ -1034,10 +1034,10 @@ const importCommand = {
         }
     }
 };
-// Init subcommand - initialize memory database using sql.js
+// Init subcommand - initialize memory database using node:sqlite
 const initMemoryCommand = {
     name: 'init',
-    description: 'Initialize memory database with sql.js (WASM SQLite) - includes vector embeddings, pattern learning, temporal decay',
+    description: 'Initialize memory database with node:sqlite (Node 22+ built-in) - includes vector embeddings, pattern learning, temporal decay',
     options: [
         {
             name: 'backend',
@@ -2637,7 +2637,7 @@ export const memoryCommand = {
         output.writeln();
         output.writeln('Subcommands:');
         output.printList([
-            `${output.highlight('init')}       - Initialize memory database (sql.js)`,
+            `${output.highlight('init')}       - Initialize memory database (node:sqlite)`,
             `${output.highlight('store')}      - Store data in memory`,
             `${output.highlight('retrieve')}   - Retrieve data from memory`,
             `${output.highlight('search')}     - Semantic/vector search`,

package/dist/src/cli/commands/neural.js

@@ -5,6 +5,8 @@
  * Created with ❤️ by motailz.com
  */
 import { output } from '../output.js';
+import { findProjectRoot } from '../services/project-root.js';
+import { MOFLO_DIR } from '../services/moflo-paths.js';
 import { errorDetail } from '../shared/utils/error-detail.js';
 // Train subcommand - REAL WASM training with MoVector
 const trainCommand = {
@@ -673,8 +675,8 @@ const optimizeCommand = {
             await initializeIntelligence();
             const patterns = await getAllPatterns();
             const stats = getIntelligenceStats();
-            // Get actual pattern storage size
-            const patternDir = path.join(process.cwd(), '.moflo', 'neural');
+            // Get actual pattern storage size (#1152: anchor on projectRoot, not cwd)
+            const patternDir = path.join(findProjectRoot(), MOFLO_DIR, 'neural');
             let beforeSize = 0;
             try {
                 const patternFile = path.join(patternDir, 'patterns.json');
@@ -849,8 +851,8 @@ const exportCommand = {
                     totalUsage: 0,
                 },
             };
-            // Load patterns from local storage
-            const memoryDir = path.join(process.cwd(), '.moflo', 'memory');
+            // Load patterns from local storage (#1152: projectRoot-anchored)
+            const memoryDir = path.join(findProjectRoot(), MOFLO_DIR, 'memory');
             const patternsFile = path.join(memoryDir, 'patterns.json');
             if (fs.existsSync(patternsFile)) {
                 const patterns = JSON.parse(fs.readFileSync(patternsFile, 'utf8'));
@@ -1242,8 +1244,8 @@ const importCommand = {
             if (validPatterns.length < patterns.length) {
                 output.writeln(output.warning(`Filtered ${patterns.length - validPatterns.length} suspicious patterns`));
             }
-            // Save to local memory
-            const memoryDir = path.join(process.cwd(), '.moflo', 'memory');
+            // Save to local memory (#1152: projectRoot-anchored)
+            const memoryDir = path.join(findProjectRoot(), MOFLO_DIR, 'memory');
             if (!fs.existsSync(memoryDir)) {
                 fs.mkdirSync(memoryDir, { recursive: true });
             }