moflo 4.8.59 → 4.8.60

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/package.json +2 -2
  2. package/src/modules/cli/dist/src/version.js +1 -1
  3. package/src/modules/cli/package.json +1 -1
  4. package/src/modules/spells/dist/core/bwrap-sandbox.js +10 -4
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "moflo",
3
- "version": "4.8.59",
3
+ "version": "4.8.60",
4
4
  "description": "MoFlo — AI agent orchestration for Claude Code. Forked from ruflo/claude-flow with patches applied to source, plus feature-level orchestration.",
5
5
  "main": "dist/index.js",
6
6
  "type": "module",
@@ -111,7 +111,7 @@
111
111
  "@types/js-yaml": "^4.0.9",
112
112
  "@types/node": "^20.19.37",
113
113
  "eslint": "^8.0.0",
114
- "moflo": "^4.8.58",
114
+ "moflo": "^4.8.59",
115
115
  "tsx": "^4.21.0",
116
116
  "typescript": "^5.9.3",
117
117
  "vitest": "^4.0.0"
package/src/modules/cli/dist/src/version.js CHANGED
@@ -2,5 +2,5 @@
2
2
  * Auto-generated by build. Do not edit manually.
3
3
  * Source of truth: root package.json → scripts/sync-version.mjs
4
4
  */
5
- export const VERSION = '4.8.59';
5
+ export const VERSION = '4.8.60';
6
6
  //# sourceMappingURL=version.js.map
package/src/modules/cli/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@moflo/cli",
3
- "version": "4.8.59",
3
+ "version": "4.8.60",
4
4
  "type": "module",
5
5
  "main": "dist/src/index.js",
6
6
  "types": "dist/src/index.d.ts",
package/src/modules/spells/dist/core/bwrap-sandbox.js CHANGED
@@ -58,9 +58,12 @@ function needsToolHomeAccess(level) {
58
58
  * - fs:write unscoped -> --bind (read-write) for projectRoot
59
59
  * - net -> omit --unshare-net
60
60
  *
61
- * When `options.permissionLevel` is `elevated` or `autonomous`, also bind a
62
- * narrow allowlist of CLI-tool home paths writable via `--bind-try` so that
63
- * spawned subcommands (claude, gh, git, npm) can persist their state.
61
+ * When `options.permissionLevel` is `elevated` or `autonomous`, also:
62
+ * - Bind a narrow allowlist of CLI-tool home paths writable via `--bind-try`
63
+ * so spawned subcommands (claude, gh, git, npm) can persist state.
64
+ * - Share the host network (omit `--unshare-net`) so those tools can reach
65
+ * their APIs (api.anthropic.com, api.github.com, etc.). Without this,
66
+ * `claude -p` and similar commands fail with DNS/connection errors.
64
67
  */
65
68
  export function buildBwrapArgs(command, capabilities, projectRoot, options = {}) {
66
69
  const args = [];
@@ -117,8 +120,11 @@ export function buildBwrapArgs(command, capabilities, projectRoot, options = {})
117
120
  }
118
121
  }
119
122
  // ── Network isolation ───────────────────────────────────────────────
123
+ // Elevated/autonomous steps spawn CLI tools (claude, gh, git, npm) that
124
+ // need network to reach their APIs. Keep the host network for those,
125
+ // mirroring the tool-home-paths policy.
120
126
  const hasNet = capabilities.some(c => c.type === 'net');
121
- if (!hasNet) {
127
+ if (!hasNet && !needsToolHomeAccess(options.permissionLevel)) {
122
128
  args.push('--unshare-net');
123
129
  }
124
130
  // ── PID isolation (always) ──────────────────────────────────────────