moflo 4.8.58 → 4.8.60

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "moflo",
-  "version": "4.8.58",
+  "version": "4.8.60",
   "description": "MoFlo — AI agent orchestration for Claude Code. Forked from ruflo/claude-flow with patches applied to source, plus feature-level orchestration.",
   "main": "dist/index.js",
   "type": "module",
@@ -111,7 +111,7 @@
     "@types/js-yaml": "^4.0.9",
     "@types/node": "^20.19.37",
     "eslint": "^8.0.0",
-    "moflo": "^4.8.57",
+    "moflo": "^4.8.59",
     "tsx": "^4.21.0",
     "typescript": "^5.9.3",
     "vitest": "^4.0.0"

package/src/modules/cli/dist/src/config/moflo-config.js

@@ -78,7 +78,7 @@ const DEFAULT_CONFIG = {
         helpers: true,
     },
     sandbox: {
-        enabled: true,
+        enabled: false,
         tier: 'auto',
     },
     epic: {
@@ -359,7 +359,7 @@ auto_update:
 # OS-level sandbox for spell bash steps
 # Denylist always runs regardless of this setting
 sandbox:
-  enabled: true                  # false to disable OS sandbox (keeps denylist)
+  enabled: false                 # true to enable OS sandbox (denylist runs either way)
   tier: auto                     # auto | denylist-only | full
                                  # auto = best available, graceful fallback
                                  # denylist-only = skip OS sandbox

package/src/modules/cli/dist/src/version.js

@@ -2,5 +2,5 @@
  * Auto-generated by build. Do not edit manually.
  * Source of truth: root package.json → scripts/sync-version.mjs
  */
-export const VERSION = '4.8.58';
+export const VERSION = '4.8.60';
 //# sourceMappingURL=version.js.map

package/src/modules/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@moflo/cli",
-  "version": "4.8.58",
+  "version": "4.8.60",
   "type": "module",
   "main": "dist/src/index.js",
   "types": "dist/src/index.d.ts",

package/src/modules/spells/dist/core/bwrap-sandbox.js

@@ -58,9 +58,12 @@ function needsToolHomeAccess(level) {
  *   - fs:write unscoped -> --bind (read-write) for projectRoot
  *   - net              -> omit --unshare-net
  *
- * When `options.permissionLevel` is `elevated` or `autonomous`, also bind a
- * narrow allowlist of CLI-tool home paths writable via `--bind-try` so that
- * spawned subcommands (claude, gh, git, npm) can persist their state.
+ * When `options.permissionLevel` is `elevated` or `autonomous`, also:
+ *   - Bind a narrow allowlist of CLI-tool home paths writable via `--bind-try`
+ *     so spawned subcommands (claude, gh, git, npm) can persist state.
+ *   - Share the host network (omit `--unshare-net`) so those tools can reach
+ *     their APIs (api.anthropic.com, api.github.com, etc.). Without this,
+ *     `claude -p` and similar commands fail with DNS/connection errors.
  */
 export function buildBwrapArgs(command, capabilities, projectRoot, options = {}) {
     const args = [];
@@ -117,8 +120,11 @@ export function buildBwrapArgs(command, capabilities, projectRoot, options = {})
         }
     }
     // ── Network isolation ───────────────────────────────────────────────
+    // Elevated/autonomous steps spawn CLI tools (claude, gh, git, npm) that
+    // need network to reach their APIs. Keep the host network for those,
+    // mirroring the tool-home-paths policy.
     const hasNet = capabilities.some(c => c.type === 'net');
-    if (!hasNet) {
+    if (!hasNet && !needsToolHomeAccess(options.permissionLevel)) {
         args.push('--unshare-net');
     }
     // ── PID isolation (always) ──────────────────────────────────────────

package/src/modules/spells/dist/core/platform-sandbox.js

@@ -15,7 +15,7 @@ import { execSync } from 'node:child_process';
 import { existsSync } from 'node:fs';
 import { platform } from 'node:os';
 export const DEFAULT_SANDBOX_CONFIG = {
-    enabled: true,
+    enabled: false,
     tier: 'auto',
 };
 // ============================================================================