npm - moflo - Versions diffs - 4.9.0-rc.3 → 4.9.0-rc.4 - Mend

moflo 4.9.0-rc.3 → 4.9.0-rc.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/.claude/helpers/statusline.cjs +9 -13
package/bin/lib/db-repair.mjs +100 -0
package/bin/session-start-launcher.mjs +47 -0
package/dist/src/cli/version.js +1 -1
package/package.json +2 -2

package/.claude/helpers/statusline.cjs CHANGED Viewed

@@ -602,33 +602,29 @@ function getIntegrationStatus() {
   return { mcpServers, hasDatabase, hasApi };
 }
-// Upgrade notice (#636, #738) — written by the session-start launcher; null
-// when missing, expired, or malformed. The launcher writes status='in-progress'
-// while upgrade work is running, then deletes the file when done — so a
-// 'complete' status only ever shows up here for legacy notice files left by
-// pre-#738 launchers.
+// Upgrade notice (#636, #738, #743) — written by the session-start launcher
+// ONLY while upgrade work is in flight; the launcher deletes the file when
+// work completes. We render it strictly for status='in-progress' so a stale
+// notice (legacy "complete" file from pre-#738 launchers, zombie write from
+// an aborted launcher, future writer mistakes) cannot turn the statusline
+// segment into a permanent column. The launcher's section 0-pre also drops
+// any leftover file at session start as a second line of defence.
 function getUpgradeNotice() {
   const data = readJSON(path.join(CWD, '.moflo', 'upgrade-notice.json'));
   if (!data || typeof data !== 'object') return null;
+  if (data.status !== 'in-progress') return null;
   const expiresAt = data.expiresAt ? new Date(data.expiresAt).getTime() : 0;
   if (!expiresAt || Date.now() > expiresAt) return null;
   return {
-    status: data.status === 'in-progress' ? 'in-progress' : 'complete',
     kind: data.kind === 'repair' ? 'repair' : 'upgrade',
     from: typeof data.from === 'string' ? data.from : '',
     to: typeof data.to === 'string' ? data.to : '',
-    changes: typeof data.changes === 'number' && data.changes > 0 ? data.changes : 0,
   };
 }
 function formatUpgradeNoticeSegment(notice) {
   if (!notice) return '';
-  let suffix = '';
-  if (notice.status === 'in-progress') {
-    suffix = ` ${c.dim}(updating…)${c.reset}`;
-  } else if (notice.changes > 0) {
-    suffix = ` ${c.dim}(${notice.changes} ${notice.changes === 1 ? 'change' : 'changes'})${c.reset}`;
-  }
+  const suffix = ` ${c.dim}(updating…)${c.reset}`;
   if (notice.kind === 'repair') {
     return `${c.brightYellow}📦 install repaired${c.reset}${suffix}`;
   }

package/bin/lib/db-repair.mjs ADDED Viewed

@@ -0,0 +1,100 @@
+/**
+ * Memory-DB integrity check + auto-REINDEX (story #743).
+ *
+ * The `.moflo/moflo.db` SQLite file routinely accumulates index corruption of
+ * the form `row N missing from index sqlite_autoindex_memory_entries_1` —
+ * the row data is intact, only the unique-key index has drifted. The most
+ * common trigger is sql.js's whole-file dump-on-flush behaviour racing with
+ * concurrent writes (see `feedback_sqljs_writeback_clobber.md` and #714).
+ *
+ * Symptoms when uncorrected:
+ *  - `index-guidance.mjs` and `index-patterns.mjs` fail mid-write with
+ *    `database disk image is malformed`, leaving partial state.
+ *  - The ephemeral-namespace purge (#729) fails silently, so hive-mind /
+ *    tasklist / epic-state / test-bridge-fix rows accumulate.
+ *  - Vector counts in the statusline stay inflated (observed: 4415 with
+ *    1025 unpurged ephemeral rows).
+ *
+ * Fix shape: REINDEX rebuilds indexes from the canonical row data — much less
+ * destructive than a full rebuild and works for the typical drift mode. If
+ * REINDEX itself fails to restore integrity we leave the file alone and
+ * report; manual `flo memory rebuild-index` is the fallback.
+ *
+ * MUST run BEFORE any long-lived sql.js consumer (MCP server, daemon) opens
+ * the DB and BEFORE the embeddings migration / soft-delete purge / ephemeral
+ * purge — those all swallow corruption errors and silently no-op.
+ */
+import { existsSync, readFileSync, writeFileSync } from 'node:fs';
+import { memoryDbPath } from './moflo-paths.mjs';
+let _initSqlJs = null;
+async function loadSqlJs() {
+  if (_initSqlJs) return _initSqlJs;
+  // sql.js is a hard dependency of moflo (see top-level package.json);
+  // resolving it from the consumer's node_modules works because the launcher
+  // runs from the consumer cwd.
+  const mod = await import('sql.js');
+  _initSqlJs = mod.default || mod;
+  return _initSqlJs;
+}
+function isOk(execResult) {
+  const rows = execResult?.[0]?.values ?? [];
+  return rows.length === 1 && rows[0]?.[0] === 'ok';
+}
+function corruptionCount(execResult) {
+  return execResult?.[0]?.values?.length ?? 0;
+}
+/**
+ * Probe the memory DB for index corruption and run REINDEX in place if
+ * found. Returns `{ repaired, errors, persistent }`:
+ *  - `repaired: true` and `errors > 0` when REINDEX restored integrity.
+ *  - `repaired: false, errors: 0` when the DB is healthy or absent.
+ *  - `repaired: false, errors > 0, persistent: true` when corruption survives
+ *    REINDEX (caller should surface to the user — manual rebuild needed).
+ *
+ * Never throws; any internal failure becomes `{ repaired: false, errors: 0 }`
+ * so a probe failure cannot block session start.
+ */
+export async function repairMemoryDbIfCorrupt(projectRoot) {
+  const dbPath = memoryDbPath(projectRoot);
+  if (!existsSync(dbPath)) return { repaired: false, errors: 0 };
+  let initSql;
+  try {
+    initSql = await loadSqlJs();
+  } catch {
+    return { repaired: false, errors: 0 };
+  }
+  let db = null;
+  try {
+    const SQL = await initSql();
+    const data = readFileSync(dbPath);
+    db = new SQL.Database(data);
+    const before = db.exec('PRAGMA integrity_check');
+    if (isOk(before)) {
+      return { repaired: false, errors: 0 };
+    }
+    const errors = corruptionCount(before);
+    db.run('REINDEX');
+    const after = db.exec('PRAGMA integrity_check');
+    if (!isOk(after)) {
+      return { repaired: false, errors, persistent: true };
+    }
+    const out = Buffer.from(db.export());
+    writeFileSync(dbPath, out);
+    return { repaired: true, errors };
+  } catch {
+    return { repaired: false, errors: 0 };
+  } finally {
+    if (db) try { db.close(); } catch { /* non-fatal */ }
+  }
+}

package/bin/session-start-launcher.mjs CHANGED Viewed

@@ -12,6 +12,7 @@ import { existsSync, readFileSync, writeFileSync, copyFileSync, unlinkSync, read
 import { resolve, dirname, join } from 'path';
 import { fileURLToPath } from 'url';
 import { migrateClaudeFlowToMoflo, migrateMemoryDbToMoflo, mofloDir } from './lib/moflo-paths.mjs';
+import { repairMemoryDbIfCorrupt } from './lib/db-repair.mjs';
 const __dirname = dirname(fileURLToPath(import.meta.url));
@@ -91,6 +92,20 @@ function clearUpgradeNotice() {
   } catch { /* non-fatal — already gone or never existed */ }
 }
+// ── 0-pre. Drop any stale upgrade notice (#738, #743) ───────────────────────
+// `upgrade-notice.json` is a transient handshake between launcher and
+// statusline — it should never survive past the launcher run that wrote it.
+// Pre-#738 launchers wrote a 1-hour-TTL "complete" notice after upgrade work
+// finished; with the #738 contract that file can only be a leftover, but the
+// statusline still rendered it for the rest of the hour. Unconditionally
+// removing it here makes the contract self-healing — any future zombie
+// notice (legacy file, aborted launcher, future writer mistake) gets dropped
+// before the statusline can see it. The in-progress notice for THIS session,
+// if any, is written later in section 3 and cleared in section 3f.
+try {
+  unlinkSync(join(mofloDir(projectRoot), 'upgrade-notice.json'));
+} catch { /* non-fatal — file usually doesn't exist */ }
 // ── 0. LEGACY state migration (#699) ─────────────────────────────────────────
 // Consumers upgrading from older moflo builds (inherited from upstream Ruflo)
 // get a one-time auto-migration of LEGACY `.claude-flow/` → `.moflo/` so claim
@@ -126,6 +141,38 @@ try {
   // Non-fatal — failed migration leaves both DBs in place; next session retries.
 }
+// ── 0c. Memory DB index repair (#743) ───────────────────────────────────────
+// The .moflo/moflo.db SQLite file accumulates index corruption ("row N missing
+// from sqlite_autoindex_memory_entries_1") when sql.js's whole-file flush
+// races with concurrent writes. Symptom is silent: indexers fail mid-write,
+// the ephemeral-namespace purge (#729) silently no-ops, vector counts inflate.
+//
+// Probe + REINDEX in place. Must run BEFORE any sql.js consumer (the
+// embeddings migration in 3e, the soft-delete + ephemeral purges in 3e-728/
+// 3e-729, and the long-lived MCP server / daemon spawned in section 4) — all
+// of those swallow corruption errors and silently drop work on the floor.
+//
+// Awaited because every downstream sql.js touch this session depends on a
+// healthy index. Cost on the happy path is one PRAGMA check (~10ms).
+try {
+  const repair = await repairMemoryDbIfCorrupt(projectRoot);
+  if (repair?.repaired) {
+    emitMutation(
+      'repaired memory db index',
+      `${plural(repair.errors, 'index error')} fixed via REINDEX`,
+    );
+  } else if (repair?.persistent) {
+    // Surface to stderr — Claude additionalContext + the user both see this.
+    // Manual `flo memory rebuild-index` is the next step.
+    process.stderr.write(
+      `moflo: memory db has ${plural(repair.errors, 'index error')} REINDEX could not fix — run 'flo memory rebuild-index'\n`,
+    );
+  }
+} catch {
+  // Non-fatal — repair is best-effort; downstream code paths report their
+  // own errors if the DB is still broken.
+}
 // ── 1. Helper: fire-and-forget a background process ─────────────────────────
 function fireAndForget(cmd, args, label) {
   try {

package/dist/src/cli/version.js CHANGED Viewed

@@ -2,5 +2,5 @@
  * Auto-generated by build. Do not edit manually.
  * Source of truth: root package.json → scripts/sync-version.mjs
  */
-export const VERSION = '4.9.0-rc.3';
+export const VERSION = '4.9.0-rc.4';
 //# sourceMappingURL=version.js.map

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "moflo",
-  "version": "4.9.0-rc.3",
+  "version": "4.9.0-rc.4",
   "description": "MoFlo — AI agent orchestration for Claude Code. Forked from ruflo/claude-flow with patches applied to source, plus feature-level orchestration.",
   "main": "dist/src/cli/index.js",
   "type": "module",
@@ -78,7 +78,7 @@
     "@typescript-eslint/eslint-plugin": "^7.18.0",
     "@typescript-eslint/parser": "^7.18.0",
     "eslint": "^8.0.0",
-    "moflo": "^4.9.0-rc.2",
+    "moflo": "^4.9.0-rc.3",
     "tsx": "^4.21.0",
     "typescript": "^5.9.3",
     "vitest": "^4.0.0"