moflo 4.8.60 → 4.8.63

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "moflo",
-  "version": "4.8.60",
+  "version": "4.8.63",
   "description": "MoFlo — AI agent orchestration for Claude Code. Forked from ruflo/claude-flow with patches applied to source, plus feature-level orchestration.",
   "main": "dist/index.js",
   "type": "module",
@@ -93,6 +93,7 @@
   },
   "dependencies": {
     "js-yaml": "^4.1.1",
+    "lru-cache": "^11.3.5",
     "semver": "^7.7.4",
     "sql.js": "^1.14.1",
     "valibot": "^1.3.1"
@@ -111,7 +112,7 @@
     "@types/js-yaml": "^4.0.9",
     "@types/node": "^20.19.37",
     "eslint": "^8.0.0",
-    "moflo": "^4.8.59",
+    "moflo": "^4.8.61",
     "tsx": "^4.21.0",
     "typescript": "^5.9.3",
     "vitest": "^4.0.0"

package/src/modules/cli/dist/src/version.js

@@ -2,5 +2,5 @@
  * Auto-generated by build. Do not edit manually.
  * Source of truth: root package.json → scripts/sync-version.mjs
  */
-export const VERSION = '4.8.60';
+export const VERSION = '4.8.63';
 //# sourceMappingURL=version.js.map

package/src/modules/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@moflo/cli",
-  "version": "4.8.60",
+  "version": "4.8.63",
   "type": "module",
   "main": "dist/src/index.js",
   "types": "dist/src/index.d.ts",

package/src/modules/memory/dist/cache-manager.js

@@ -24,6 +24,9 @@ export class CacheManager extends EventEmitter {
     head = null;
     tail = null;
     currentMemory = 0;
+    // Cache size estimates to avoid repeated JSON.stringify
+    sizeCache = new Map();
+    maxSizeCacheEntries = 10000;
     // Statistics
     stats = {
         hits: 0,
@@ -75,17 +78,21 @@ export class CacheManager extends EventEmitter {
         // Check if key already exists
         const existingNode = this.cache.get(key);
         if (existingNode) {
-            // Update existing entry
+            // Update existing entry - recalculate size if data changed
+            const oldSize = existingNode.estimatedSize;
+            const newSize = this.estimateSizeCached(key, data);
             existingNode.value.data = data;
             existingNode.value.cachedAt = now;
             existingNode.value.expiresAt = now + entryTtl;
             existingNode.value.lastAccessedAt = now;
+            existingNode.estimatedSize = newSize;
+            this.currentMemory = this.currentMemory - oldSize + newSize;
             this.moveToFront(existingNode);
             this.stats.writes++;
             return;
         }
-        // Calculate memory for new entry
-        const entryMemory = this.estimateSize(data);
+        // Calculate memory for new entry (with caching)
+        const entryMemory = this.estimateSizeCached(key, data);
         // Evict entries if needed for memory pressure
         if (this.config.maxMemory) {
             while (this.currentMemory + entryMemory > this.config.maxMemory &&
@@ -110,6 +117,7 @@ export class CacheManager extends EventEmitter {
             value: cachedEntry,
             prev: null,
             next: null,
+            estimatedSize: entryMemory, // Store computed size
         };
         // Add to cache
         this.cache.set(key, node);
@@ -128,7 +136,8 @@ export class CacheManager extends EventEmitter {
         }
         this.removeNode(node);
         this.cache.delete(key);
-        this.currentMemory -= this.estimateSize(node.value.data);
+        this.currentMemory -= node.estimatedSize; // Use cached size
+        this.sizeCache.delete(key); // Clean up size cache
         this.emit('cache:delete', { key });
         return true;
     }
@@ -149,11 +158,13 @@ export class CacheManager extends EventEmitter {
      * Clear all entries from the cache
      */
     clear() {
+        const previousSize = this.cache.size;
         this.cache.clear();
+        this.sizeCache.clear();
         this.head = null;
         this.tail = null;
         this.currentMemory = 0;
-        this.emit('cache:cleared', { previousSize: this.cache.size });
+        this.emit('cache:cleared', { previousSize });
     }
     /**
      * Get cache statistics
@@ -255,8 +266,37 @@ export class CacheManager extends EventEmitter {
     isExpired(entry) {
         return Date.now() > entry.expiresAt;
     }
+    /**
+     * OPTIMIZED: Cache size estimates to avoid repeated JSON.stringify
+     * This is called on every cache set and eviction, so caching saves significant CPU
+     */
+    estimateSizeCached(key, data) {
+        // Check if we have a cached size estimate
+        const cached = this.sizeCache.get(key);
+        if (cached !== undefined) {
+            return cached;
+        }
+        // Compute size
+        const size = this.estimateSize(data);
+        // Cache the result (with LRU eviction)
+        if (this.sizeCache.size >= this.maxSizeCacheEntries) {
+            const firstKey = this.sizeCache.keys().next().value;
+            if (firstKey !== undefined)
+                this.sizeCache.delete(firstKey);
+        }
+        this.sizeCache.set(key, size);
+        return size;
+    }
     estimateSize(data) {
         try {
+            // For primitive types, use fast path
+            if (typeof data === 'string') {
+                return data.length * 2;
+            }
+            if (typeof data === 'number' || typeof data === 'boolean') {
+                return 8;
+            }
+            // For objects, use JSON.stringify (but only once due to caching)
             return JSON.stringify(data).length * 2; // Rough UTF-16 estimate
         }
         catch {
@@ -298,9 +338,10 @@ export class CacheManager extends EventEmitter {
         if (!this.tail)
             return;
         const evictedKey = this.tail.key;
-        const evictedSize = this.estimateSize(this.tail.value.data);
+        const evictedSize = this.tail.estimatedSize; // Use cached size
         this.removeNode(this.tail);
         this.cache.delete(evictedKey);
+        this.sizeCache.delete(evictedKey); // Clean up size cache
         this.currentMemory -= evictedSize;
         this.stats.evictions++;
         this.emit('cache:eviction', { key: evictedKey });

package/src/modules/spells/dist/core/bwrap-sandbox.js

@@ -129,6 +129,14 @@ export function buildBwrapArgs(command, capabilities, projectRoot, options = {})
     }
     // ── PID isolation (always) ──────────────────────────────────────────
     args.push('--unshare-pid');
+    // ── Lifetime bound to parent ────────────────────────────────────────
+    // Without this, child processes spawned by the sandboxed command (e.g.
+    // node workers from `claude -p`) keep the PID namespace alive past the
+    // entry script's exit — bwrap waits for the namespace to drain even
+    // though the user-visible work is done. --die-with-parent makes bwrap
+    // and everything inside terminate when the spawning runner exits or
+    // sends a signal, guaranteeing cleanup on success and on timeout.
+    args.push('--die-with-parent');
     // ── Command ─────────────────────────────────────────────────────────
     args.push('bash', '-c', command);
     return args;

package/src/modules/spells/dist/core/platform-sandbox.js

@@ -12,8 +12,9 @@
  * @see https://github.com/eric-cielo/moflo/issues/409
  */
 import { execSync } from 'node:child_process';
-import { existsSync } from 'node:fs';
+import { existsSync, readFileSync } from 'node:fs';
 import { platform } from 'node:os';
+import { join } from 'node:path';
 export const DEFAULT_SANDBOX_CONFIG = {
     enabled: false,
     tier: 'auto',
@@ -129,6 +130,25 @@ export function resolveSandboxConfig(raw) {
 function isValidTier(value) {
     return value === 'auto' || value === 'denylist-only' || value === 'full';
 }
+/**
+ * Load sandbox config from a project's moflo.yaml.
+ * Returns DEFAULT_SANDBOX_CONFIG on any failure (missing file, parse error, etc.).
+ *
+ * Lets the spell engine auto-discover sandbox settings from the project root
+ * without forcing every caller (MCP tools, CLI adapters) to load moflo.yaml.
+ */
+export async function loadSandboxConfigFromProject(projectRoot) {
+    try {
+        const content = readFileSync(join(projectRoot, 'moflo.yaml'), 'utf-8');
+        const mod = await import('js-yaml');
+        const yaml = mod.default ?? mod;
+        const raw = yaml.load(content);
+        return resolveSandboxConfig(raw?.sandbox);
+    }
+    catch {
+        return DEFAULT_SANDBOX_CONFIG;
+    }
+}
 /**
  * Combine detected capability with user config to determine effective sandbox behavior.
  *

package/src/modules/spells/dist/factory/runner-bridge.js

@@ -8,7 +8,20 @@
  * This module is the integration point between MCP spell tools
  * and the SpellCaster engine.
  */
+import { loadSandboxConfigFromProject } from '../core/platform-sandbox.js';
 import { createRunner, runSpellFromContent } from './runner-factory.js';
+/**
+ * Resolve sandbox config: prefer caller-supplied; fall back to auto-loading
+ * from moflo.yaml at projectRoot. Returns undefined when neither is available
+ * (runner falls back to DEFAULT_SANDBOX_CONFIG with denylist-only).
+ */
+async function resolveSandbox(explicit, projectRoot) {
+    if (explicit)
+        return explicit;
+    if (!projectRoot)
+        return undefined;
+    return loadSandboxConfigFromProject(projectRoot);
+}
 // Track active spells for cancellation
 const activeSpells = new Map();
 // ============================================================================
@@ -22,6 +35,7 @@ export async function bridgeRunSpell(content, sourceFile, args, options = {}) {
     const controller = new AbortController();
     activeSpells.set(spellId, controller);
     try {
+        const sandboxConfig = await resolveSandbox(options.sandboxConfig, options.projectRoot);
         const result = await runSpellFromContent(content, sourceFile, {
             spellId,
             args,
@@ -30,6 +44,7 @@ export async function bridgeRunSpell(content, sourceFile, args, options = {}) {
             memory: options.memory,
             credentials: options.credentials,
             ...(options.projectRoot ? { projectRoot: options.projectRoot } : {}),
+            ...(sandboxConfig ? { sandboxConfig } : {}),
         });
         return result;
     }
@@ -45,11 +60,13 @@ export async function bridgeExecuteSpell(definition, args, options = {}) {
     const controller = new AbortController();
     activeSpells.set(spellId, controller);
     try {
+        const sandboxConfig = await resolveSandbox(options.sandboxConfig, options.projectRoot);
         const runner = createRunner({ memory: options.memory, credentials: options.credentials });
         return await runner.run(definition, args, {
             spellId,
             signal: controller.signal,
             ...(options.projectRoot ? { projectRoot: options.projectRoot } : {}),
+            ...(sandboxConfig ? { sandboxConfig } : {}),
         });
     }
     finally {

package/src/modules/spells/dist/index.js

@@ -19,7 +19,7 @@ export { GatedConnectorAccessor } from './core/gated-connector-accessor.js';
 export { checkCapabilities, } from './core/capability-validator.js';
 export { CapabilityGateway, CapabilityDeniedError, DenyAllGateway, DENY_ALL_GATEWAY, discloseStep, discloseSpell, formatStepDisclosure, formatSpellDisclosure, } from './core/capability-gateway.js';
 export { collectPrerequisites, checkPrerequisites, formatPrerequisiteErrors, commandExists, } from './core/prerequisite-checker.js';
-export { detectSandboxCapability, resetSandboxCache, resolveSandboxConfig, resolveEffectiveSandbox, formatSandboxLog, DEFAULT_SANDBOX_CONFIG, } from './core/platform-sandbox.js';
+export { detectSandboxCapability, resetSandboxCache, resolveSandboxConfig, resolveEffectiveSandbox, formatSandboxLog, loadSandboxConfigFromProject, DEFAULT_SANDBOX_CONFIG, } from './core/platform-sandbox.js';
 export { resolveScopePath, } from './core/sandbox-utils.js';
 export { generateSandboxProfile, wrapWithSandboxExec, } from './core/sandbox-profile.js';
 export { buildBwrapArgs, wrapWithBwrap, } from './core/bwrap-sandbox.js';