moflo 4.8.3 → 4.8.4

package/.claude/helpers/gate.cjs

@@ -39,21 +39,119 @@ function loadGateConfig() {
 var config = loadGateConfig();
 var command = process.argv[2];
 
-var EXEMPT = ['.claude/', '.claude\\', 'CLAUDE.md', 'MEMORY.md', 'workflow-state', 'node_modules'];
 var DANGEROUS = ['rm -rf /', 'format c:', 'del /s /q c:\\', ':(){:|:&};:', 'mkfs.', '> /dev/sda'];
 var DIRECTIVE_RE = /^(yes|no|yeah|yep|nope|sure|ok|okay|correct|right|exactly|perfect)\b/i;
 var TASK_RE = /\b(fix|bug|error|implement|add|create|build|write|refactor|debug|test|feature|issue|security|optimi)\b/i;
 
+// Deny a tool call cleanly via structured JSON (no "hook error" noise).
+// Exit 0 + permissionDecision:"deny" is the Claude Code way to block a tool.
+function blockTool(reason) {
+  console.log(JSON.stringify({
+    hookSpecificOutput: {
+      hookEventName: 'PreToolUse',
+      permissionDecision: 'deny',
+      permissionDecisionReason: reason
+    }
+  }));
+  process.exit(0);
+}
+
+// Determine if a Grep/Glob target is a mechanical/administrative search
+// that should bypass the memory-first gate. The idea: if memory/guidance
+// wouldn't improve the search outcome, don't block it.
+//
+// Strategy: path is the strongest signal. When a path clearly points to
+// tooling/deps/tests, allow it. When it points to source/docs/scripts,
+// block it (require memory). Pattern-based rules only kick in when there's
+// no path or when the path is neutral.
+function isMechanicalSearch() {
+  var searchPath = (process.env.TOOL_INPUT_path || '').replace(/\\/g, '/').toLowerCase();
+  var pattern = (process.env.TOOL_INPUT_pattern || '').toLowerCase();
+  var filePath = (process.env.TOOL_INPUT_file_path || '').replace(/\\/g, '/').toLowerCase();
+  var anyPath = searchPath || filePath;
+
+  // --- PATH-BASED RULES (strongest signal, checked first) ---
+
+  if (anyPath) {
+    // Always mechanical: dependencies, tooling internals, CI, test dirs
+    var mechanicalPaths = [
+      'node_modules/', '.claude/', '.claude-flow/', '.swarm/', '.github/',
+      'tests/', 'test/', 'config/', 'examples/',
+    ];
+    for (var i = 0; i < mechanicalPaths.length; i++) {
+      if (anyPath.indexOf(mechanicalPaths[i]) >= 0) return true;
+    }
+
+    // Targeting a specific config/meta file by path extension
+    if (/\.(json|yaml|yml|toml|lock|env|cjs|mjs)$/i.test(anyPath)) return true;
+
+    // If path points to source, docs, or scripts — these are knowledge-rich.
+    // Do NOT fall through to pattern-based exemptions; the path is authoritative.
+    // (Still allow test-file glob patterns even within source dirs.)
+    var knowledgePaths = [
+      'src/', 'back-office/', 'front-office/', 'docs/', 'scripts/', 'lib/',
+    ];
+    var inKnowledgePath = false;
+    for (var k = 0; k < knowledgePaths.length; k++) {
+      if (anyPath.indexOf(knowledgePaths[k]) >= 0) { inKnowledgePath = true; break; }
+    }
+    if (inKnowledgePath) {
+      // Exception: searching for test/spec files within source is structural
+      if (/\*\*?[/\\]?\*?\.(test|spec)\.(ts|js|tsx|jsx)\b/i.test(pattern)) return true;
+      // Everything else in a knowledge path requires memory
+      return false;
+    }
+  }
+
+  // --- PATTERN-BASED RULES (no path, or path is neutral) ---
+
+  // Glob patterns looking for config/build/tooling files by extension
+  if (/\*\*?[/\\]?\*?\.(json|yaml|yml|toml|lock|env|config|cjs|mjs)\b/i.test(pattern)) return true;
+
+  // Glob patterns for specific config filenames (eslintrc, Dockerfile, etc.)
+  if (/\*\*?[/\\]?\*?\.?(eslint|prettier|babel|stylelint|editor|git|docker|nginx|jest|vitest|vite|webpack|rollup|esbuild|tsconfig|browserslist)/i.test(pattern)) return true;
+
+  // Glob patterns for lock files and test files (structural lookups)
+  if (/\*\*?[/\\]?\*?[\w-]*[-.]lock\b/i.test(pattern)) return true;
+  if (/\*\*?[/\\]?\*?\.(test|spec)\.(ts|js|tsx|jsx)\b/i.test(pattern)) return true;
+
+  // Config/tooling name searches (bare names without a path).
+  // Only exempt if ALL tokens in a pipe-separated pattern are config names.
+  // "webpack|vite" = exempt. "webpack|merchant" = NOT exempt.
+  var CONFIG_NAME = /^\.?(eslint|prettier|babel|stylelint|editor|gitignore|gitattributes|dockerignore|dockerfile|docker-compose|nginx|jest|vitest|vite|webpack|rollup|esbuild|tsconfig|changelog|license|makefile|procfile|browserslist|commitlint|husky|lint-staged)\b/i;
+  var tokens = pattern.split(/[|,\s]+/).filter(function(t) { return t.length > 0; });
+  if (tokens.length > 0 && tokens.every(function(t) { return CONFIG_NAME.test(t.trim()); })) return true;
+
+  // Known tooling/meta file names as substrings (but avoid false matches like "process.env")
+  var toolingNames = [
+    'claude.md', 'memory.md', 'workflow-state', '.mcp.json',
+    'package.json', 'package-lock', 'daemon.lock', 'moflo.yaml',
+  ];
+  var target = pattern + ' ' + anyPath;
+  for (var j = 0; j < toolingNames.length; j++) {
+    if (target.indexOf(toolingNames[j]) >= 0) return true;
+  }
+
+  // Env file lookups (but NOT "process.env" which is source code searching)
+  if (/^\.env\b/.test(pattern) || /\*\*?[/\\]?\.env/.test(pattern)) return true;
+
+  // Git/process/system-level pattern searches
+  if (/^(git\b|pid|daemon|lock|wmic|tasklist|powershell|ps\s)/i.test(pattern)) return true;
+
+  // CI/CD folder exploration
+  if (/\.github/i.test(pattern)) return true;
+
+  return false;
+}
+
 switch (command) {
   case 'check-before-agent': {
     var s = readState();
     if (config.task_create_first && !s.tasksCreated) {
-      console.log('BLOCKED: Call TaskCreate before spawning agents.');
-      process.exit(1);
+      blockTool('Call TaskCreate before spawning agents. Task tool is blocked until then.');
     }
     if (config.memory_first && !s.memorySearched) {
-      console.log('BLOCKED: Search memory before spawning agents.');
-      process.exit(1);
+      blockTool('Search memory before spawning agents. Use mcp__claude-flow__memory_search first.');
     }
     break;
   }
@@ -61,31 +159,21 @@ switch (command) {
     if (!config.memory_first) break;
     var s = readState();
     if (s.memorySearched || !s.memoryRequired) break;
-    var target = (process.env.TOOL_INPUT_pattern || '') + ' ' + (process.env.TOOL_INPUT_path || '');
-    if (EXEMPT.some(function(p) { return target.indexOf(p) >= 0; })) break;
-    var now = Date.now();
-    var last = s.lastBlockedAt ? new Date(s.lastBlockedAt).getTime() : 0;
-    if (now - last > 2000) {
-      s.lastBlockedAt = new Date(now).toISOString();
-      writeState(s);
-      console.log('BLOCKED: Search memory before exploring files.');
-    }
-    process.exit(1);
+    if (isMechanicalSearch()) break;
+    s.lastBlockedAt = new Date().toISOString();
+    writeState(s);
+    blockTool('Search memory before exploring files. Use mcp__claude-flow__memory_search with namespace "code-map", "patterns", "knowledge", or "guidance".');
   }
   case 'check-before-read': {
     if (!config.memory_first) break;
     var s = readState();
     if (s.memorySearched || !s.memoryRequired) break;
-    var fp = process.env.TOOL_INPUT_file_path || '';
-    if (fp.indexOf('.claude/guidance/') < 0 && fp.indexOf('.claude\\guidance\\') < 0) break;
-    var now = Date.now();
-    var last = s.lastBlockedAt ? new Date(s.lastBlockedAt).getTime() : 0;
-    if (now - last > 2000) {
-      s.lastBlockedAt = new Date(now).toISOString();
-      writeState(s);
-      console.log('BLOCKED: Search memory before reading guidance files.');
-    }
-    process.exit(1);
+    var fp = (process.env.TOOL_INPUT_file_path || '').replace(/\\/g, '/');
+    // Block reads of guidance files (that's exactly what memory indexes)
+    if (fp.indexOf('.claude/guidance/') < 0) break;
+    s.lastBlockedAt = new Date().toISOString();
+    writeState(s);
+    blockTool('Search memory before reading guidance files. Use mcp__claude-flow__memory_search with namespace "guidance".');
   }
   case 'record-task-created': {
     var s = readState();

package/README.md

@@ -4,8 +4,6 @@
 
 # MoFlo
 
-**⚠️ MoFlo is experimental software. APIs, commands, and behavior may change without notice.**
-
 **An opinionated fork of [Ruflo/Claude Flow](https://github.com/ruvnet/ruflo), optimized for local development.**
 
 MoFlo adds automatic code and guidance cataloging along with memory gating on top of the original Ruflo/Claude Flow orchestration engine. Where the upstream project provides raw building blocks, MoFlo ships opinionated defaults — workflow gates that enforce memory-first patterns, semantic indexing that runs at session start, and learned routing that improves over time — so you get a productive setup from `flo init` without manual tuning.
@@ -477,6 +475,16 @@ When `flo init` runs, it appends a workflow section to your CLAUDE.md that teach
 
 MoFlo builds on top of the full [Ruflo/Claude Flow](https://github.com/ruvnet/ruflo) engine. For detailed documentation on the underlying capabilities — swarm topologies, hive-mind consensus, HNSW vector search, neural routing, MCP server internals, and more — check out the [Ruflo repository](https://github.com/ruvnet/ruflo).
 
+## Why I Made This
+
+[Ruflo/Claude Flow](https://github.com/ruvnet/ruflo) is an incredible piece of work. The engineering that [rUv](https://github.com/ruvnet) and the contributors have put into it — swarm topologies, hive-mind consensus, HNSW vector search, neural routing, and so much more — makes it one of the most comprehensive agent orchestration frameworks available. It's a massive, versatile toolbox built to support a wide range of scenarios: distributed systems, multi-agent swarms, enterprise orchestration, research workflows, and beyond.
+
+My use case was just one of those many scenarios: day-to-day local coding, enhancing my normal Claude Code experience on a single project. Claude Flow absolutely supports this — it's all in there — but because the project serves so many different needs, I found myself spending time configuring and tailoring things for my specific workflow each time I pulled in updates. That's not a shortcoming of the project; it's the natural trade-off of a tool designed to be that flexible and powerful.
+
+So I forked the excellent foundation and narrowed the focus to my particular corner of it. I baked in the defaults I kept setting manually, added automatic indexing and memory gating at session start, and tuned the out-of-box experience so that `npm install` and `flo init` gets you straight to coding.
+
+If you're exploring the full breadth of what agent orchestration can do, go use [Ruflo/Claude Flow](https://github.com/ruvnet/ruflo) directly — it's the real deal. But if your needs are similar to mine — a focused, opinionated local dev setup that just works — then hopefully MoFlo saves you the same configuration time it saves me.
+
 ## License
 
 MIT (inherited from [Ruflo/Claude Flow](https://github.com/ruvnet/ruflo))

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "moflo",
-  "version": "4.8.3",
+  "version": "4.8.4",
   "description": "MoFlo — AI agent orchestration for Claude Code. Forked from ruflo/claude-flow with patches applied to source, plus feature-level orchestration.",
   "main": "dist/index.js",
   "type": "module",

package/src/@claude-flow/cli/dist/src/commands/doctor.js

@@ -407,47 +407,69 @@ async function checkAgenticFlow() {
         return { name: 'agentic-flow', status: 'warn', message: 'Check failed' };
     }
 }
-// Find and optionally kill orphaned moflo/claude-flow node processes
+// Check whether a given PID is still running.
+// Uses signal 0 which works cross-platform (Windows, Linux, macOS) without
+// needing PowerShell or /proc — Node handles the platform abstraction.
+function isProcessAlive(pid) {
+    try {
+        process.kill(pid, 0);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+// Find and optionally kill orphaned moflo/claude-flow node processes.
+// A process is only "orphaned" if its parent is no longer alive — meaning
+// nothing will clean it up. MCP servers spawned by a live Claude Code session
+// have a live parent (claude.exe) and must not be flagged.
 async function findZombieProcesses(kill = false) {
     const legitimatePid = getDaemonLockHolder(process.cwd());
     const currentPid = process.pid;
     const parentPid = process.ppid;
     const found = [];
     let killed = 0;
+    // Collect candidates as { pid, ppid } so we can check parent liveness
+    const candidates = [];
     try {
         if (process.platform === 'win32') {
-            // Windows: use WMIC to find node processes with moflo/claude-flow in command line
-            const result = execSync('powershell -NoProfile -Command "Get-CimInstance Win32_Process -Filter \\"Name=\'node.exe\'\\" | Select-Object ProcessId,CommandLine | Format-Table -AutoSize -Wrap"', { encoding: 'utf-8', timeout: 10000, windowsHide: true });
+            // Windows: include ParentProcessId so we can verify orphan status
+            const result = execSync('powershell -NoProfile -Command "Get-CimInstance Win32_Process -Filter \\"Name=\'node.exe\'\\" | Select-Object ProcessId,ParentProcessId,CommandLine | Format-Table -AutoSize -Wrap"', { encoding: 'utf-8', timeout: 10000, windowsHide: true });
             const lines = result.split('\n');
             for (const line of lines) {
                 if (/moflo|claude-flow|flo\s+(hooks|gate|mcp|daemon)/i.test(line)) {
-                    const pidMatch = line.match(/^\s*(\d+)/);
-                    if (pidMatch) {
-                        const pid = parseInt(pidMatch[1], 10);
-                        // Skip our own process, parent, and the legitimate daemon
-                        if (pid === currentPid || pid === parentPid || pid === legitimatePid)
-                            continue;
-                        found.push(pid);
+                    // Format-Table columns: ProcessId  ParentProcessId  CommandLine...
+                    const match = line.match(/^\s*(\d+)\s+(\d+)/);
+                    if (match) {
+                        candidates.push({ pid: parseInt(match[1], 10), ppid: parseInt(match[2], 10) });
                     }
                 }
             }
         }
         else {
-            // Unix/macOS: use ps to find node processes
-            const result = execSync('ps aux | grep -E "node.*(moflo|claude-flow)" | grep -v grep', { encoding: 'utf-8', timeout: 5000 });
+            // Unix/macOS: use ps with explicit PID+PPID columns for reliable parsing
+            const result = execSync('ps -eo pid,ppid,command | grep -E "node.*(moflo|claude-flow)" | grep -v grep', { encoding: 'utf-8', timeout: 5000 });
             const lines = result.trim().split('\n');
             for (const line of lines) {
-                const parts = line.trim().split(/\s+/);
-                const pid = parseInt(parts[1], 10);
-                if (pid === currentPid || pid === parentPid || pid === legitimatePid)
-                    continue;
-                found.push(pid);
+                const match = line.trim().match(/^(\d+)\s+(\d+)/);
+                if (match) {
+                    candidates.push({ pid: parseInt(match[1], 10), ppid: parseInt(match[2], 10) });
+                }
             }
         }
     }
     catch {
         // No matches found (grep exits non-zero) or command failed
     }
+    // Filter: skip known-good PIDs and processes whose parent is still alive.
+    // A live parent (e.g. claude.exe for MCP servers) means the process is managed, not orphaned.
+    for (const { pid, ppid } of candidates) {
+        if (pid === currentPid || pid === parentPid || pid === legitimatePid)
+            continue;
+        if (isProcessAlive(ppid))
+            continue;
+        found.push(pid);
+    }
     if (kill && found.length > 0) {
         for (const pid of found) {
             try {