moflo 4.10.7 → 4.10.8

package/dist/src/cli/memory/daemon-write-client.js

@@ -37,11 +37,18 @@
  * @module cli/memory/daemon-write-client
  */
 import * as http from 'node:http';
+import { findProjectRoot } from '../services/project-root.js';
+import { resolveClientPort, LEGACY_DEFAULT_PORT, probeDaemonHealth as probeDaemonHealthIdentity, normalizeProjectRoot, } from '../services/daemon-port.js';
 // ============================================================================
 // Constants
 // ============================================================================
-/** Default daemon HTTP port. Mirrors `DEFAULT_DASHBOARD_PORT` in daemon-dashboard.ts. */
-const DEFAULT_DAEMON_PORT = 3117;
+/**
+ * Read-only legacy default exported for tests; the actual port comes from
+ * `getDaemonPort()` which delegates to `resolveClientPort(findProjectRoot())`.
+ * Routes through `LEGACY_DEFAULT_PORT` so no literal port number lives in
+ * this file — see `daemon-port.ts` and the no-fixed-port regression guard.
+ */
+const DEFAULT_DAEMON_PORT = LEGACY_DEFAULT_PORT;
 /** HTTP timeout for ALL daemon requests (probe + write). Bounds the worst-case CLI hang. */
 const DAEMON_HTTP_TIMEOUT_MS = 100;
 /** Health-probe cache TTL. Probe at most once per 5s in either direction. */
@@ -55,18 +62,35 @@ let configCache = null;
 export function _resetForTest() {
     healthCache = null;
     configCache = null;
+    identityCache = null;
+    _portCache = null;
+    _identityWarnedFor.clear();
 }
 // ============================================================================
 // Resolve daemon port (env override → moflo.yaml unused for v1 → default)
 // ============================================================================
+/**
+ * Resolve the daemon HTTP port for this project.
+ *
+ * Delegates to `resolveClientPort(findProjectRoot())`:
+ *   1. `MOFLO_DAEMON_PORT` env override (consumer pin)
+ *   2. `port` field in `<projectRoot>/.moflo/daemon.lock` (server records
+ *      the actual bound port after startup — #1145)
+ *   3. Deterministic per-project port `33000 + sha256(path)%1000`
+ *
+ * Cached per-process — the lock-file path doesn't change once a process is
+ * up. On a routed-failure the health cache is invalidated (which triggers
+ * the next port resolve), keeping the client honest about daemon location
+ * after a recycle.
+ */
+let _portCache = null;
 function getDaemonPort() {
-    const fromEnv = process.env.MOFLO_DAEMON_PORT;
-    if (fromEnv) {
-        const n = parseInt(fromEnv, 10);
-        if (Number.isFinite(n) && n > 0 && n < 65536)
-            return n;
-    }
-    return DEFAULT_DAEMON_PORT;
+    const projectRoot = findProjectRoot();
+    if (_portCache && _portCache.projectRoot === projectRoot)
+        return _portCache.port;
+    const port = resolveClientPort(projectRoot);
+    _portCache = { port, projectRoot };
+    return port;
 }
 // ============================================================================
 // Daemon-disabled check (cached) — reads `daemon.auto_start` from moflo.yaml
@@ -90,12 +114,18 @@ async function isDaemonEnabledInConfig() {
     configCache = { daemonEnabled: enabled, checkedAt: now };
     return enabled;
 }
-// ============================================================================
-// Health probe (cached) — GET /api/status
-// ============================================================================
+let identityCache = null;
+/**
+ * Ports we've already warned about during this process — bounded by the
+ * number of distinct daemon ports a single client process can see in its
+ * lifetime (usually 1). Keeps the stderr noise to a single line per
+ * mismatched daemon per process.
+ */
+const _identityWarnedFor = new Set();
 /**
  * Cached daemon health probe. Returns true iff the daemon's HTTP server
- * is reachable on `127.0.0.1:<port>` within {@link DAEMON_HTTP_TIMEOUT_MS}.
+ * is reachable on `127.0.0.1:<port>` within {@link DAEMON_HTTP_TIMEOUT_MS}
+ * AND its `/api/health` reports a `projectRoot` matching ours (#1145).
  *
  * Cache survives 5s in either direction — so a daemon that just came up
  * is missed for ≤5s, and a daemon that just died is incorrectly assumed
@@ -113,9 +143,74 @@ export async function isDaemonAvailable() {
     if (healthCache && (now - healthCache.checkedAt) < HEALTH_CACHE_TTL_MS) {
         return healthCache.available;
     }
-    const available = await probeDaemonHealth(getDaemonPort());
-    healthCache = { available, checkedAt: now };
-    return available;
+    const port = getDaemonPort();
+    const reachable = await probeDaemonHealth(port);
+    if (!reachable) {
+        healthCache = { available: false, checkedAt: now };
+        return false;
+    }
+    // 4) Identity check — daemon reachable but is it OUR daemon?
+    const identityOk = await isDaemonIdentityMatch(port);
+    healthCache = { available: identityOk, checkedAt: now };
+    return identityOk;
+}
+/**
+ * Probe `/api/health` and confirm the daemon's reported `projectRoot`
+ * matches ours. Caches the result for {@link HEALTH_CACHE_TTL_MS}.
+ *
+ * Mismatch consequence: this function returns `false`, the caller falls
+ * through to the direct-SQL path (the path that is provably correct, see
+ * the `MOFLO_DISABLE_DAEMON_ROUTING=1` reproducer in
+ * `docs/internal/1145-daemon-port-collision-analysis.md`), and we emit
+ * ONE stderr line per port per process so the user can see the wrong-
+ * project daemon is the problem.
+ *
+ * Tolerant of legacy daemons that don't expose `/api/health`: a 404 means
+ * the daemon predates #1145, so we trust the legacy port resolution (the
+ * client is presumably hitting the same project's daemon anyway) and
+ * return `true`. The lock-file port-discovery path is the primary
+ * collision defence; identity check is the safety net.
+ */
+async function isDaemonIdentityMatch(port) {
+    const now = Date.now();
+    const ourProjectRoot = findProjectRoot();
+    if (identityCache &&
+        identityCache.ourProjectRoot === ourProjectRoot &&
+        (now - identityCache.checkedAt) < HEALTH_CACHE_TTL_MS) {
+        return identityCache.matches;
+    }
+    const probe = await probeDaemonHealthIdentity(port, DAEMON_HTTP_TIMEOUT_MS);
+    if (probe.kind === 'legacy' || probe.kind === 'unreachable') {
+        // No identity to compare — daemon either predates #1145 or the probe
+        // itself failed transport-side. Fall open: rely on port-discovery
+        // (lock file + deterministic hash) as the primary defence. Only a
+        // CONFIRMED mismatch blocks routing — that's the conservative safety
+        // net that doesn't break upgraded-client-against-legacy-daemon.
+        //
+        // Asymmetry with doctor's `checkDaemonIdentity`: the healer probes
+        // LEGACY_DEFAULT_PORT explicitly and flags a foreign legacy daemon
+        // as `fail`, while this hot path lets it through. That's intentional
+        // — the doctor runs on-demand for diagnostics, and live writes must
+        // not block when the cluster is mid-upgrade. The CHANGELOG migration
+        // window is the agreed remediation surface.
+        identityCache = { matches: true, checkedAt: now, ourProjectRoot };
+        return true;
+    }
+    const matches = normalizeProjectRoot(probe.projectRoot) === normalizeProjectRoot(ourProjectRoot);
+    identityCache = {
+        matches,
+        checkedAt: now,
+        ourProjectRoot,
+        daemonProjectRoot: probe.projectRoot,
+    };
+    if (!matches && !_identityWarnedFor.has(port)) {
+        _identityWarnedFor.add(port);
+        // One stderr line per mismatched daemon, ever. Quiet enough that scripts
+        // don't drown but loud enough that healer-class diagnostics surface it.
+        process.stderr.write(`[moflo] daemon at 127.0.0.1:${port} claims project '${probe.projectRoot}' but cwd is '${ourProjectRoot}' — ` +
+            `using direct DB. Run flo healer --fix to repair daemon binding (#1145).\n`);
+    }
+    return matches;
 }
 function probeDaemonHealth(port) {
     return new Promise((resolve) => {
@@ -212,6 +307,31 @@ export async function tryDaemonList(opts) {
         total: typeof data?.total === 'number' ? data.total : 0,
     }));
 }
+/**
+ * Route a memory-stats query through the daemon (#1149). Single GROUP BY
+ * query server-side — replaces the list-and-iterate path in the MCP
+ * `memory_stats` handler that fetched up to 100 000 rows just to count
+ * them and tripped the daemon's `limit ≤ 10 000` cap.
+ *
+ * Returns `{ routed: false }` when the daemon is unavailable or any 5xx /
+ * transport fault fires — caller falls back to a direct
+ * `getNamespaceCounts()` so users never see a fake zero.
+ */
+export async function tryDaemonStats() {
+    if (!(await isDaemonAvailable()))
+        return { routed: false };
+    return requestReadJson('GET', '/api/memory/stats', undefined, (data) => {
+        if (typeof data?.totalEntries !== 'number')
+            return null;
+        return {
+            namespaces: (data?.namespaces && typeof data.namespaces === 'object')
+                ? data.namespaces
+                : {},
+            totalEntries: data.totalEntries,
+            withEmbeddings: typeof data?.withEmbeddings === 'number' ? data.withEmbeddings : 0,
+        };
+    });
+}
 // ============================================================================
 // Internal HTTP poster — never throws, bounded timeout
 // ============================================================================
@@ -261,8 +381,14 @@ function postJson(path, body) {
             // On routed-failure, invalidate the health cache so the next call
             // re-probes and trips back to direct-write quickly when the daemon
             // is dying.
-            if (result.routed === false)
+            if (result.routed === false) {
+                // Daemon recycled to a different port (post #1145 server restart)
+                // → invalidate the port cache too so the next call re-reads
+                // .moflo/daemon.lock. Otherwise we'd keep hammering a stale port.
                 healthCache = null;
+                identityCache = null;
+                _portCache = null;
+            }
             resolve(result);
         };
         const payload = JSON.stringify(body);
@@ -322,45 +448,49 @@ function postJson(path, body) {
     });
 }
 /**
- * Generic JSON POST that returns a daemon-read envelope. Same transport
- * guarantees as `postJson`: never throws, bounded timeout, invalidates health
- * cache on routed-failure.
+ * Generic JSON read-request that returns a daemon-read envelope. Never
+ * throws, bounded by `DAEMON_HTTP_TIMEOUT_MS`, invalidates the health +
+ * identity + port caches on any routed-failure (daemon-recycle covers).
  *
- * The `shape` callback maps the daemon's parsed JSON payload to the typed
- * data shape the caller expects. Returning `null` from `shape` (or a parse
- * failure) downgrades to `{ routed: false }` so the caller falls back.
+ * Failure-shape contract (#1101):
+ *   2xx                            → routed:true with shape(data)
+ *   4xx                            → routed:true with error (caller propagates)
+ *   5xx / transport / parse-fail   → routed:false (caller falls back)
+ *
+ * `body === undefined` ⇒ GET (no Content-* headers); otherwise POST with
+ * JSON body. The `shape` callback maps parsed JSON to the typed payload;
+ * returning `null` downgrades the response to routed:false so the caller
+ * falls back to bridge-direct.
  */
-function postReadJson(path, body, shape) {
+function requestReadJson(method, path, body, 
+// `data` is a JSON.parse boundary — typed `any` here mirrors JSON.parse's
+// own return type so callers can do safe optional-chaining narrowing.
+shape) {
     return new Promise((resolve) => {
         let done = false;
         const finish = (result) => {
             if (done)
                 return;
             done = true;
-            if (result.routed === false)
+            if (result.routed === false) {
+                // Daemon may have recycled to a new port (post-#1145 restart) →
+                // invalidate the lock-file-port cache and the identity probe so
+                // the next call re-discovers reality.
                 healthCache = null;
+                identityCache = null;
+                _portCache = null;
+            }
             resolve(result);
         };
-        const payload = JSON.stringify(body);
-        const req = http.request({
-            host: '127.0.0.1',
-            port: getDaemonPort(),
-            path,
-            method: 'POST',
-            timeout: DAEMON_HTTP_TIMEOUT_MS,
-            headers: {
-                'Content-Type': 'application/json',
-                'Content-Length': Buffer.byteLength(payload),
-            },
-        }, (res) => {
+        const payload = body === undefined ? undefined : JSON.stringify(body);
+        const headers = payload === undefined
+            ? undefined
+            : { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(payload) };
+        const req = http.request({ host: '127.0.0.1', port: getDaemonPort(), path, method, timeout: DAEMON_HTTP_TIMEOUT_MS, headers }, (res) => {
             let buf = '';
             res.setEncoding('utf8');
             res.on('data', (chunk) => { buf += chunk; });
             res.on('end', () => {
-                // #1101 — mirror postJson contract for reads:
-                //   2xx  → routed:true with shaped data
-                //   4xx  → routed:true with error (no data) — caller propagates
-                //   5xx  → routed:false (caller falls back)
                 const status = res.statusCode ?? 0;
                 if (status >= 500 || status < 200) {
                     finish({ routed: false });
@@ -371,13 +501,8 @@ function postReadJson(path, body, shape) {
                     return;
                 }
                 try {
-                    const parsed = JSON.parse(buf);
-                    const shaped = shape(parsed);
-                    if (shaped === null) {
-                        finish({ routed: false });
-                        return;
-                    }
-                    finish({ routed: true, data: shaped });
+                    const shaped = shape(JSON.parse(buf));
+                    finish(shaped === null ? { routed: false } : { routed: true, data: shaped });
                 }
                 catch {
                     finish({ routed: false });
@@ -387,8 +512,12 @@ function postReadJson(path, body, shape) {
         });
         req.on('error', () => finish({ routed: false }));
         req.on('timeout', () => { req.destroy(); finish({ routed: false }); });
-        req.write(payload);
+        if (payload !== undefined)
+            req.write(payload);
         req.end();
     });
 }
+function postReadJson(path, body, shape) {
+    return requestReadJson('POST', path, body, shape);
+}
 //# sourceMappingURL=daemon-write-client.js.map

package/dist/src/cli/memory/database-provider.js

@@ -11,6 +11,13 @@
 import { platform } from 'node:os';
 import { existsSync } from 'node:fs';
 import { SqliteBackend } from './sqlite-backend.js';
+/**
+ * Canonical label returned in MCP `backend` fields and other consumer-visible
+ * surfaces. Single source of truth so a future engine swap is a one-line edit
+ * instead of an 8-site grep. Phase 5 (#1084) finalized node:sqlite as the
+ * only SQLite backend; the HNSW vector index sits on top.
+ */
+export const BACKEND_LABEL = 'node:sqlite + HNSW';
 /**
  * Detect platform and recommend provider
  */
@@ -118,9 +125,15 @@ async function selectProvider(preferred, verbose = false) {
  * ```
  */
 export async function createDatabase(path, options = {}) {
-    const { provider = 'auto', verbose = false, walMode: _walMode = true, optimize = true, defaultNamespace = 'default', maxEntries = 1000000, autoPersistInterval = 5000, wasmPath: _wasmPath, } = options;
-    // Select provider
-    const selectedProvider = await selectProvider(provider, verbose);
+    const { provider, verbose = false, walMode: _walMode = true, optimize = true, defaultNamespace = 'default', maxEntries = 1000000, autoPersistInterval = 5000, wasmPath: _wasmPath, } = options;
+    // When no explicit provider is given, consult moflo.yaml's
+    // `memory.backend` knob (#1144). This is what makes the YAML value
+    // truthful instead of cosmetic — the runtime now actually honours
+    // whatever the consumer put in their config. Falls back to `'auto'` if
+    // the config can't be loaded (e.g. running from a directory with no
+    // `moflo.yaml`), preserving the previous behaviour for raw callers.
+    const effectiveProvider = provider ?? (await preferredProviderFromConfig(verbose)) ?? 'auto';
+    const selectedProvider = await selectProvider(effectiveProvider, verbose);
     if (verbose) {
         console.log(`[DatabaseProvider] Creating database with provider: ${selectedProvider}`);
         console.log(`[DatabaseProvider] Database path: ${path}`);
@@ -178,6 +191,48 @@ export async function createDatabase(path, options = {}) {
 export function getPlatformInfo() {
     return detectPlatform();
 }
+/**
+ * Read `memory.backend` from the project's `moflo.yaml`, resolve any
+ * deprecated aliases (sql.js → node-sqlite), and return a value
+ * `selectProvider()` understands. Returns `null` on any failure so
+ * `createDatabase()` cleanly falls back to platform auto-detection
+ * — config loading must never break the runtime.
+ *
+ * Wrapped in a dynamic import so the memory subtree doesn't pull
+ * `js-yaml` / `fs` into hot paths (e.g. the in-memory test backend).
+ *
+ * Memoised per (cwd, process) — a test suite or daemon that opens many
+ * DBs in sequence parses moflo.yaml once. Keyed on cwd so a test that
+ * `chdir`s into a temp dir gets a fresh resolution.
+ */
+const _resolvedProviderCache = new Map();
+async function preferredProviderFromConfig(verbose) {
+    const key = process.cwd();
+    if (_resolvedProviderCache.has(key)) {
+        return _resolvedProviderCache.get(key) ?? null;
+    }
+    try {
+        const { loadMofloConfig, resolveDatabaseProvider } = await import('../config/moflo-config.js');
+        const cfg = loadMofloConfig();
+        const resolved = resolveDatabaseProvider(cfg.memory.backend);
+        if (verbose) {
+            console.log(`[DatabaseProvider] moflo.yaml memory.backend="${cfg.memory.backend}" → ${resolved}`);
+        }
+        _resolvedProviderCache.set(key, resolved);
+        return resolved;
+    }
+    catch (err) {
+        if (verbose) {
+            console.warn(`[DatabaseProvider] Could not load moflo.yaml backend preference (${err.message}) — falling back to auto-detection`);
+        }
+        _resolvedProviderCache.set(key, null);
+        return null;
+    }
+}
+/** @internal — test hook only; resets the per-cwd cache between cases. */
+export function _resetPreferredProviderCache() {
+    _resolvedProviderCache.clear();
+}
 /**
  * Check which providers are available.
  *

package/dist/src/cli/memory/intelligence.js

@@ -10,31 +10,30 @@
  *
  * @module v3/cli/intelligence
  */
-import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
-import { homedir } from 'node:os';
+import { copyFileSync, existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
 import { join } from 'node:path';
 import { errorDetail } from '../shared/utils/error-detail.js';
+import { findProjectRoot } from '../services/project-root.js';
+import { MOFLO_DIR, mofloHomeDir } from '../services/moflo-paths.js';
 // ============================================================================
 // Persistence Configuration
 // ============================================================================
-/**
- * Get the data directory for neural pattern persistence
- * Uses .moflo/neural in the current working directory,
- * falling back to home directory
- */
+const NEURAL_SUBDIR = 'neural';
+const PATTERNS_FILE = 'patterns.json';
+const STATS_FILE = 'stats.json';
+// #1152: pre-fix builds wrote neural patterns to `~/.moflo/neural/` whenever
+// cwd lacked `.moflo`. The bleed was silent — every moflo-using project on
+// the machine shared one ReasoningBank. Resolver now anchors on
+// findProjectRoot() like neural-tools.ts (#829); legacy home-dir files are
+// copied (not moved) into the active project on first load so users do not
+// lose history when older co-installed projects still point at the home-dir
+// copy.
 function getDataDir() {
-    const cwd = process.cwd();
-    const localDir = join(cwd, '.moflo', 'neural');
-    const homeDir = join(homedir(), '.moflo', 'neural');
-    // Prefer local directory if .moflo exists
-    if (existsSync(join(cwd, '.moflo'))) {
-        return localDir;
-    }
-    return homeDir;
+    return join(findProjectRoot(), MOFLO_DIR, NEURAL_SUBDIR);
+}
+function getLegacyDataDir() {
+    return join(mofloHomeDir(), NEURAL_SUBDIR);
 }
-/**
- * Ensure the data directory exists
- */
 function ensureDataDir() {
     const dir = getDataDir();
     if (!existsSync(dir)) {
@@ -42,17 +41,36 @@ function ensureDataDir() {
     }
     return dir;
 }
-/**
- * Get the patterns file path
- */
 function getPatternsPath() {
-    return join(getDataDir(), 'patterns.json');
+    return join(getDataDir(), PATTERNS_FILE);
 }
-/**
- * Get the stats file path
- */
 function getStatsPath() {
-    return join(getDataDir(), 'stats.json');
+    return join(getDataDir(), STATS_FILE);
+}
+// Latch is intentionally not async-safe — all I/O in this module is
+// synchronous so re-entry only happens via clearIntelligence() in tests.
+let legacyMigrationAttempted = false;
+function migrateLegacyIfNeeded() {
+    if (legacyMigrationAttempted)
+        return;
+    legacyMigrationAttempted = true;
+    const legacyDir = getLegacyDataDir();
+    const localDir = getDataDir();
+    if (legacyDir === localDir)
+        return;
+    for (const file of [PATTERNS_FILE, STATS_FILE]) {
+        const legacy = join(legacyDir, file);
+        const local = join(localDir, file);
+        if (existsSync(legacy) && !existsSync(local)) {
+            try {
+                mkdirSync(localDir, { recursive: true });
+                copyFileSync(legacy, local);
+            }
+            catch {
+                // Best-effort migration; failures fall through to a fresh local store.
+            }
+        }
+    }
 }
 // ============================================================================
 // Default Configuration
@@ -173,6 +191,7 @@ class LocalReasoningBank {
      */
     loadFromDisk() {
         try {
+            migrateLegacyIfNeeded();
             const path = getPatternsPath();
             if (existsSync(path)) {
                 const data = JSON.parse(readFileSync(path, 'utf-8'));
@@ -207,6 +226,13 @@ class LocalReasoningBank {
      * Immediately flush patterns to disk
      */
     flushToDisk() {
+        // Cancel any pending debounced save — we are writing right now and the
+        // deferred handler would otherwise fire post-teardown on short-lived
+        // processes (test runners hit this as a Windows EPERM during cleanup).
+        if (this.saveTimeout) {
+            clearTimeout(this.saveTimeout);
+            this.saveTimeout = null;
+        }
         if (!this.persistenceEnabled || !this.dirty)
             return;
         try {
@@ -368,6 +394,7 @@ let globalStats = {
  */
 function loadPersistedStats() {
     try {
+        migrateLegacyIfNeeded();
         const path = getStatsPath();
         if (existsSync(path)) {
             const data = JSON.parse(readFileSync(path, 'utf-8'));
@@ -605,6 +632,7 @@ export function clearIntelligence() {
     sonaCoordinator = null;
     reasoningBank = null;
     intelligenceInitialized = false;
+    legacyMigrationAttempted = false;
     globalStats = {
         trajectoriesRecorded: 0,
         lastAdaptation: null

package/dist/src/cli/memory/memory-initializer.js

@@ -2220,32 +2220,42 @@ export async function deleteEntry(options) {
     }
 }
 /**
- * Get per-namespace entry counts via a single GROUP BY query.
- * Returns { namespaces: Record<string, number>, total: number }.
+ * Get memory stats via a single GROUP BY query — namespace counts plus the
+ * number of rows that carry a non-null embedding. One trip to disk; the
+ * server-side aggregation replaces a pre-#1149 client iteration that
+ * fetched 100 000 rows just to count them.
+ *
+ * Throws on DB read errors. Returns a zero shape ONLY when the DB file
+ * doesn't exist yet (the real "empty project" signal) — never swallows a
+ * locked/corrupt-DB error into a fake zero, since that's the exact silent
+ * wrong-answer this fix is for.
  */
 export async function getNamespaceCounts(dbPath) {
     const resolvedPath = dbPath || memoryDbPath(process.cwd());
+    if (!fs.existsSync(resolvedPath)) {
+        return { namespaces: {}, total: 0, withEmbeddings: 0 };
+    }
+    const db = openDaemonDatabase(resolvedPath);
     try {
-        if (!fs.existsSync(resolvedPath)) {
-            return { namespaces: {}, total: 0 };
-        }
-        const db = openDaemonDatabase(resolvedPath);
-        const result = db.exec("SELECT namespace, COUNT(*) as cnt FROM memory_entries WHERE status = 'active' GROUP BY namespace ORDER BY cnt DESC");
-        db.close();
+        const result = db.exec("SELECT namespace, COUNT(*) AS cnt, SUM(CASE WHEN embedding IS NOT NULL THEN 1 ELSE 0 END) AS emb_cnt " +
+            "FROM memory_entries WHERE status = 'active' GROUP BY namespace ORDER BY cnt DESC");
         const namespaces = {};
         let total = 0;
+        let withEmbeddings = 0;
         if (result[0]?.values) {
             for (const row of result[0].values) {
                 const ns = String(row[0]);
                 const count = Number(row[1]);
+                const embCount = Number(row[2] ?? 0);
                 namespaces[ns] = count;
                 total += count;
+                withEmbeddings += embCount;
             }
         }
-        return { namespaces, total };
+        return { namespaces, total, withEmbeddings };
     }
-    catch {
-        return { namespaces: {}, total: 0 };
+    finally {
+        db.close();
     }
 }
 export default {