moflo 4.9.26 → 4.9.28

package/dist/src/cli/services/daemon-memory-rpc.js

@@ -0,0 +1,335 @@
+/**
+ * Daemon HTTP RPC for memory writes (#981 — single-writer architecture).
+ *
+ * Adds POST /api/memory/{store,delete,batch} to the existing daemon HTTP
+ * server. The daemon process becomes the single authoritative writer when
+ * these endpoints are called; other processes (CLI, MCP server) route
+ * writes here via the daemon-write-client (Story #984).
+ *
+ * Story #983 ships these endpoints purely additively — nothing in the
+ * codebase calls them yet. Stories #985 / #986 wire consumer callers.
+ *
+ * Loopback-only: the parent server binds 127.0.0.1, so no auth/CSRF.
+ *
+ * @module daemon-memory-rpc
+ */
+import { errorDetail } from '../shared/utils/error-detail.js';
+// ============================================================================
+// Constants
+// ============================================================================
+/**
+ * Maximum POST body size for memory RPC. Larger bodies → 413.
+ * 1 MiB is well above any reasonable single entry while bounding
+ * pathological loopback writes (defense-in-depth even on 127.0.0.1).
+ */
+export const MEMORY_RPC_MAX_BODY_BYTES = 1024 * 1024;
+/** Conservative namespace pattern: alphanumerics, dot, dash, underscore. ≤64 chars. */
+const NAMESPACE_PATTERN = /^[a-zA-Z0-9._-]{1,64}$/;
+/** Max key length. Aligns with the existing memory_entries TEXT column conventions. */
+const KEY_MAX_LENGTH = 256;
+/** Max ops per batch. Bounds memory + write time per request. */
+export const BATCH_MAX_OPS = 100;
+// ============================================================================
+// JSON body reader (size-capped, never throws)
+// ============================================================================
+/**
+ * Read a JSON request body with a hard byte cap. Returns null on:
+ *   - body exceeds {@link MEMORY_RPC_MAX_BODY_BYTES}
+ *   - body is not valid JSON
+ *   - request errors before completion
+ *
+ * Never throws. Caller maps null → 400.
+ */
+async function readJsonBody(req) {
+    return new Promise((resolve) => {
+        let total = 0;
+        const chunks = [];
+        let done = false;
+        const finish = (result) => {
+            if (done)
+                return;
+            done = true;
+            resolve(result);
+        };
+        req.on('data', (chunk) => {
+            total += chunk.length;
+            if (total > MEMORY_RPC_MAX_BODY_BYTES) {
+                // Stop accumulating; let the request finish but discard.
+                chunks.length = 0;
+                finish(null);
+                return;
+            }
+            if (!done)
+                chunks.push(chunk);
+        });
+        req.on('end', () => {
+            if (done)
+                return;
+            try {
+                const raw = Buffer.concat(chunks).toString('utf8');
+                finish(raw.length === 0 ? null : JSON.parse(raw));
+            }
+            catch {
+                finish(null);
+            }
+        });
+        req.on('error', () => finish(null));
+    });
+}
+// ============================================================================
+// Validation
+// ============================================================================
+function isNamespace(ns) {
+    return typeof ns === 'string' && NAMESPACE_PATTERN.test(ns);
+}
+function isKey(key) {
+    return typeof key === 'string' && key.length > 0 && key.length <= KEY_MAX_LENGTH;
+}
+function isStringArray(value) {
+    return Array.isArray(value) && value.every(v => typeof v === 'string');
+}
+function validateStorePayload(body) {
+    if (typeof body !== 'object' || body === null)
+        return { ok: false, error: 'body must be a JSON object' };
+    const b = body;
+    if (!isNamespace(b.namespace))
+        return { ok: false, error: `invalid namespace (must match ${NAMESPACE_PATTERN}, ≤64 chars)` };
+    if (!isKey(b.key))
+        return { ok: false, error: `invalid key (non-empty string ≤${KEY_MAX_LENGTH} chars)` };
+    if (b.value === undefined)
+        return { ok: false, error: 'value is required' };
+    if (b.tags !== undefined && !isStringArray(b.tags))
+        return { ok: false, error: 'tags must be an array of strings' };
+    if (b.ttl !== undefined && (typeof b.ttl !== 'number' || !Number.isFinite(b.ttl) || b.ttl <= 0)) {
+        return { ok: false, error: 'ttl must be a positive finite number (seconds)' };
+    }
+    return {
+        ok: true,
+        op: {
+            namespace: b.namespace,
+            key: b.key,
+            value: b.value,
+            tags: b.tags,
+            ttl: b.ttl,
+        },
+    };
+}
+function validateDeletePayload(body) {
+    if (typeof body !== 'object' || body === null)
+        return { ok: false, error: 'body must be a JSON object' };
+    const b = body;
+    if (!isNamespace(b.namespace))
+        return { ok: false, error: 'invalid namespace' };
+    if (!isKey(b.key))
+        return { ok: false, error: 'invalid key' };
+    return { ok: true, op: { namespace: b.namespace, key: b.key } };
+}
+function validateBatchPayload(body) {
+    if (typeof body !== 'object' || body === null)
+        return { ok: false, error: 'body must be a JSON object' };
+    const ops = body.ops;
+    if (!Array.isArray(ops) || ops.length === 0) {
+        return { ok: false, error: 'ops must be a non-empty array' };
+    }
+    if (ops.length > BATCH_MAX_OPS) {
+        return { ok: false, error: `batch too large (max ${BATCH_MAX_OPS} ops)` };
+    }
+    const validated = [];
+    for (let i = 0; i < ops.length; i++) {
+        const raw = ops[i];
+        const opType = raw?.op;
+        if (opType === 'store') {
+            const r = validateStorePayload(raw);
+            if (!r.ok)
+                return { ok: false, error: r.error, index: i };
+            validated.push({ op: 'store', ...r.op });
+        }
+        else if (opType === 'delete') {
+            const r = validateDeletePayload(raw);
+            if (!r.ok)
+                return { ok: false, error: r.error, index: i };
+            validated.push({ op: 'delete', ...r.op });
+        }
+        else {
+            return { ok: false, error: "op must be 'store' or 'delete'", index: i };
+        }
+    }
+    return { ok: true, ops: validated };
+}
+// ============================================================================
+// JSON response helper (intentionally duplicates daemon-dashboard's helper —
+// keeping this module standalone simplifies testing and avoids a circular
+// dep when daemon-dashboard imports the route handlers below).
+// ============================================================================
+function sendJson(res, status, body) {
+    const json = JSON.stringify(body);
+    res.writeHead(status, {
+        'Content-Type': 'application/json',
+        'Content-Length': Buffer.byteLength(json),
+        'Cache-Control': 'no-cache',
+    });
+    res.end(json);
+}
+function valueToString(value) {
+    return typeof value === 'string' ? value : JSON.stringify(value);
+}
+// ============================================================================
+// Route handlers
+// ============================================================================
+/** Lazy import to avoid a circular dep with memory-initializer's heavy graph. */
+async function getMemoryFns() {
+    const mod = await import('../memory/memory-initializer.js');
+    return { storeEntry: mod.storeEntry, deleteEntry: mod.deleteEntry };
+}
+/**
+ * POST /api/memory/store — write a single entry through the daemon's
+ * authoritative sql.js path. Upsert semantics (matches `memory_store`
+ * MCP tool default — see #962 for why this is required).
+ */
+export async function handleMemoryStore(req, res, memory) {
+    if (!memory) {
+        sendJson(res, 503, { error: 'Memory accessor not attached' });
+        return;
+    }
+    const body = await readJsonBody(req);
+    if (body === null) {
+        sendJson(res, 400, { error: 'Invalid or oversized JSON body' });
+        return;
+    }
+    const v = validateStorePayload(body);
+    if (!v.ok) {
+        sendJson(res, 400, { error: 'Invalid store request', message: v.error });
+        return;
+    }
+    try {
+        const { storeEntry } = await getMemoryFns();
+        const result = await storeEntry({
+            key: v.op.key,
+            value: valueToString(v.op.value),
+            namespace: v.op.namespace,
+            tags: v.op.tags,
+            ttl: v.op.ttl,
+            upsert: true,
+        });
+        if (!result.success) {
+            sendJson(res, 500, { error: 'Store failed', message: result.error ?? 'unknown' });
+            return;
+        }
+        sendJson(res, 200, { ok: true, stored: true, id: result.id });
+    }
+    catch (err) {
+        sendJson(res, 500, { error: 'Internal error', message: errorDetail(err) });
+    }
+}
+/**
+ * POST /api/memory/delete — remove an entry via the daemon's authoritative
+ * write path.
+ */
+export async function handleMemoryDelete(req, res, memory) {
+    if (!memory) {
+        sendJson(res, 503, { error: 'Memory accessor not attached' });
+        return;
+    }
+    const body = await readJsonBody(req);
+    if (body === null) {
+        sendJson(res, 400, { error: 'Invalid or oversized JSON body' });
+        return;
+    }
+    const v = validateDeletePayload(body);
+    if (!v.ok) {
+        sendJson(res, 400, { error: 'Invalid delete request', message: v.error });
+        return;
+    }
+    try {
+        const { deleteEntry } = await getMemoryFns();
+        const result = await deleteEntry({ key: v.op.key, namespace: v.op.namespace });
+        if (!result.success) {
+            sendJson(res, 500, { error: 'Delete failed', message: result.error ?? 'unknown' });
+            return;
+        }
+        sendJson(res, 200, { ok: true, deleted: result.deleted });
+    }
+    catch (err) {
+        sendJson(res, 500, { error: 'Internal error', message: errorDetail(err) });
+    }
+}
+/**
+ * POST /api/memory/batch — apply a sequence of store/delete ops.
+ *
+ * Validation is all-or-nothing: any invalid op fails the request with 400
+ * and no application. Application is sequential: a failure mid-stream
+ * returns 207 Multi-Status with structured per-op results so the caller
+ * can retry only the failures.
+ *
+ * True transactional atomicity isn't possible without a long-lived
+ * write-handle inside the daemon (a future evolution); for now this
+ * mirrors the existing `storeEntries` fallback semantics.
+ */
+export async function handleMemoryBatch(req, res, memory) {
+    if (!memory) {
+        sendJson(res, 503, { error: 'Memory accessor not attached' });
+        return;
+    }
+    const body = await readJsonBody(req);
+    if (body === null) {
+        sendJson(res, 400, { error: 'Invalid or oversized JSON body' });
+        return;
+    }
+    const v = validateBatchPayload(body);
+    if (!v.ok) {
+        sendJson(res, 400, { error: 'Invalid batch request', message: v.error, index: v.index });
+        return;
+    }
+    const { storeEntry, deleteEntry } = await getMemoryFns();
+    const results = [];
+    let anyFailed = false;
+    for (const op of v.ops) {
+        try {
+            if (op.op === 'store') {
+                const r = await storeEntry({
+                    key: op.key,
+                    value: valueToString(op.value),
+                    namespace: op.namespace,
+                    tags: op.tags,
+                    ttl: op.ttl,
+                    upsert: true,
+                });
+                if (r.success) {
+                    results.push({ ok: true, id: r.id });
+                }
+                else {
+                    results.push({ ok: false, error: r.error ?? 'unknown' });
+                    anyFailed = true;
+                }
+            }
+            else {
+                const r = await deleteEntry({ key: op.key, namespace: op.namespace });
+                if (r.success) {
+                    results.push({ ok: true, deleted: r.deleted });
+                }
+                else {
+                    results.push({ ok: false, error: r.error ?? 'unknown' });
+                    anyFailed = true;
+                }
+            }
+        }
+        catch (err) {
+            results.push({ ok: false, error: errorDetail(err) });
+            anyFailed = true;
+        }
+    }
+    sendJson(res, anyFailed ? 207 : 200, { ok: !anyFailed, results });
+}
+export function matchMemoryRpcRoute(url) {
+    if (!url)
+        return null;
+    const path = url.split('?')[0];
+    if (path === '/api/memory/store')
+        return 'store';
+    if (path === '/api/memory/delete')
+        return 'delete';
+    if (path === '/api/memory/batch')
+        return 'batch';
+    return null;
+}
+//# sourceMappingURL=daemon-memory-rpc.js.map

package/dist/src/cli/swarm/message-bus/write-through-adapter.js

@@ -23,6 +23,16 @@ export class WriteThroughAdapter {
     attached = false;
     boundHandler;
     stats = { written: 0, errors: 0, reaped: 0 };
+    /**
+     * #981 — track in-flight fire-and-forget writes so `clearNamespace` (and
+     * any future shutdown waiter) can await them before listing/deleting.
+     * Without this, a unified message that hits the bus shortly before
+     * shutdown's clearNamespace() races the listEntries query — its write
+     * lands AFTER list and survives the shutdown's deletes. Pre-#981 this
+     * race was hidden by sql.js multi-process clobber; under single-writer
+     * routing the write deterministically persists.
+     */
+    pendingWrites = new Set();
     constructor(bus, config, storeEntry, options) {
         this.bus = bus;
         this.config = config;
@@ -77,6 +87,10 @@ export class WriteThroughAdapter {
     async clearNamespace(namespace) {
         if (!this.listEntries || !this.deleteEntry)
             return;
+        // #981 — drain in-flight writes before listing. Without this the list
+        // can return BEFORE a queued write completes; the deletes that follow
+        // skip that row, and it survives the shutdown.
+        await this.drainPendingWrites();
         try {
             const result = await this.listEntries({ namespace, limit: 1000 });
             for (const entry of result.entries) {
@@ -87,13 +101,25 @@ export class WriteThroughAdapter {
             // Best-effort cleanup
         }
     }
+    /**
+     * Wait for every fire-and-forget write currently in flight to settle.
+     * No-op when no writes are queued. Bounded by `Promise.allSettled` so a
+     * single hung write can't block forever (each individual write has its
+     * own daemon-write-client timeout).
+     */
+    async drainPendingWrites() {
+        if (this.pendingWrites.size === 0)
+            return;
+        await Promise.allSettled([...this.pendingWrites]);
+    }
     onUnifiedMessage(event) {
         if (!event.namespace || !this.enabledNamespaces.has(event.namespace)) {
             return;
         }
         const ttlSeconds = event.ttlMs ? Math.ceil(event.ttlMs / 1000) : undefined;
-        // Fire-and-forget write to Memory DB
-        this.storeEntry({
+        // Fire-and-forget write to Memory DB. The promise is tracked in
+        // `pendingWrites` so `clearNamespace`/`drainPendingWrites` can await it.
+        const writePromise = this.storeEntry({
             key: `msg:${event.messageId}`,
             value: JSON.stringify({
                 id: event.messageId,
@@ -115,6 +141,8 @@ export class WriteThroughAdapter {
         }).catch(() => {
             this.stats.errors++;
         });
+        this.pendingWrites.add(writePromise);
+        writePromise.finally(() => { this.pendingWrites.delete(writePromise); });
     }
     /**
      * DB reaper: cleans expired entries from Memory DB.

package/dist/src/cli/version.js

@@ -2,5 +2,5 @@
  * Auto-generated by build. Do not edit manually.
  * Source of truth: root package.json → scripts/sync-version.mjs
  */
-export const VERSION = '4.9.26';
+export const VERSION = '4.9.28';
 //# sourceMappingURL=version.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "moflo",
-  "version": "4.9.26",
+  "version": "4.9.28",
   "description": "MoFlo — AI agent orchestration for Claude Code. A standalone, opinionated toolkit with semantic memory, learned routing, gates, spells, and the /flo issue-execution skill.",
   "main": "dist/src/cli/index.js",
   "type": "module",
@@ -84,7 +84,7 @@
     "@typescript-eslint/eslint-plugin": "^7.18.0",
     "@typescript-eslint/parser": "^7.18.0",
     "eslint": "^8.0.0",
-    "moflo": "^4.9.25",
+    "moflo": "^4.9.27",
     "tsx": "^4.21.0",
     "typescript": "^5.9.3",
     "vitest": "^4.0.0"

package/src/cli/spells/definitions/epic-auto-merge.yaml

@@ -87,8 +87,12 @@ steps:
         # elevated — bwrap network access for git pull (see single-branch create-branch).
         permissionLevel: elevated
         preflight:
+          # `git diff --name-only --diff-filter=U` always exits 0 — it just
+          # lists paths. Use `--quiet`, which exits 1 when any unmerged path
+          # exists, so this preflight actually catches a half-merged index
+          # (e.g. left by an earlier failed run).
           - name: "no unmerged files"
-            command: "git diff --name-only --diff-filter=U"
+            command: "git diff --quiet --diff-filter=U"
             expectExitCode: 0
             hint: "You have unresolved merge conflicts. Resolve them and commit before running this spell."
           - name: "working tree clean (tracked changes)"
@@ -97,7 +101,7 @@ steps:
             hint: "You have uncommitted changes to tracked files. If you want them carried onto the epic branch, pick 'Stash and carry over'."
             resolutions:
               - label: "Stash changes and carry them onto the epic branch"
-                command: "git stash push --include-untracked --message 'moflo-epic-autostash'"
+                command: "git stash push --include-untracked --message 'moflo-epic-{args.epic_number}-autostash'"
               - label: "Commit changes to the current branch first, then continue"
                 command: "git commit -am 'wip: pre-epic snapshot'"
           - name: "working tree clean (staged changes)"
@@ -106,7 +110,7 @@ steps:
             hint: "You have staged changes that aren't committed. If you want them carried onto the epic branch, pick 'Stash and carry over'."
             resolutions:
               - label: "Stash staged changes and carry them onto the epic branch"
-                command: "git stash push --include-untracked --message 'moflo-epic-autostash'"
+                command: "git stash push --include-untracked --message 'moflo-epic-{args.epic_number}-autostash'"
               - label: "Commit staged changes to the current branch first, then continue"
                 command: "git commit -m 'wip: pre-epic snapshot'"
           - name: "gh cli authenticated"
@@ -116,9 +120,28 @@ steps:
             command: "git remote get-url origin"
             hint: "This repo has no 'origin' remote. Set one with: git remote add origin <url>"
         config:
-          # set -e: fail fast if checkout/pull fails; otherwise the trailing
-          # `stash pop ... || true` would mask the real failure.
-          command: "set -e; git stash --include-untracked -q 2>/dev/null || true; git checkout {args.base_branch}; git pull origin {args.base_branch}; git stash pop -q 2>/dev/null || true"
+          # set -e: fail fast if checkout/pull fails.
+          #
+          # We deliberately do NOT auto-stash here. Preflight enforces a clean
+          # tree (or runs the user-chosen stash-and-carry resolution), so the
+          # only stash we should ever pop is the preflight's
+          # `moflo-epic-autostash` marker. Popping the unconditionally-top
+          # stash (the previous design) was the source of #287's stash-pop
+          # conflict that left the index half-merged.
+          command: |
+            set -e
+            git checkout {args.base_branch}
+            git pull origin {args.base_branch}
+            # Scoped by epic_number to prevent a stale autostash from an
+            # unrelated abandoned run getting popped here.
+            EXPECTED_STASH_TAG="moflo-epic-{args.epic_number}-autostash"
+            TOP_MSG=$(git stash list --format='%s' -1)
+            if [[ "$TOP_MSG" == *"$EXPECTED_STASH_TAG"* ]]; then
+              if ! git stash pop -q; then
+                echo "[epic] carrying-over stash conflicted on {args.base_branch} — resolve unmerged paths and re-run the spell" >&2
+                exit 1
+              fi
+            fi
           failOnError: true
 
       # 2: Spawn Claude agent to implement the story (creates branch + PR)
@@ -155,7 +178,20 @@ steps:
         permissionLevel: elevated
         config:
           # set -e: fail fast if checkout/pull fails (see checkout-base).
-          command: "set -e; git stash --include-untracked -q 2>/dev/null || true; git checkout {args.base_branch}; git pull origin {args.base_branch}; git stash pop -q 2>/dev/null || true"
+          # No in-step stash; pop only the preflight's autostash marker
+          # (scoped by epic_number — see checkout-base).
+          command: |
+            set -e
+            git checkout {args.base_branch}
+            git pull origin {args.base_branch}
+            EXPECTED_STASH_TAG="moflo-epic-{args.epic_number}-autostash"
+            TOP_MSG=$(git stash list --format='%s' -1)
+            if [[ "$TOP_MSG" == *"$EXPECTED_STASH_TAG"* ]]; then
+              if ! git stash pop -q; then
+                echo "[epic] carrying-over stash conflicted on {args.base_branch} — resolve unmerged paths and re-run the spell" >&2
+                exit 1
+              fi
+            fi
           failOnError: true
 
       # 6: Comment on epic with progress

package/src/cli/spells/definitions/epic-single-branch.yaml

@@ -87,8 +87,12 @@ steps:
     # has working network.
     permissionLevel: elevated
     preflight:
+      # `git diff --name-only --diff-filter=U` always exits 0 — it just lists
+      # paths. Use `--quiet`, which exits 1 when any unmerged path exists, so
+      # the preflight actually catches a half-merged index left by an earlier
+      # failed run (e.g. a stash-pop conflict).
       - name: "no unmerged files"
-        command: "git diff --name-only --diff-filter=U"
+        command: "git diff --quiet --diff-filter=U"
         expectExitCode: 0
         hint: "You have unresolved merge conflicts. Resolve them and commit before running this spell."
       - name: "working tree clean (tracked changes)"
@@ -97,7 +101,7 @@ steps:
         hint: "You have uncommitted changes to tracked files. If you want them carried onto the epic branch, pick 'Stash and carry over'."
         resolutions:
           - label: "Stash changes and carry them onto the epic branch"
-            command: "git stash push --include-untracked --message 'moflo-epic-autostash'"
+            command: "git stash push --include-untracked --message 'moflo-epic-{args.epic_number}-autostash'"
           - label: "Commit changes to the current branch first, then continue"
             command: "git commit -am 'wip: pre-epic snapshot'"
       - name: "working tree clean (staged changes)"
@@ -106,18 +110,45 @@ steps:
         hint: "You have staged changes that aren't committed. If you want them carried onto the epic branch, pick 'Stash and carry over'."
         resolutions:
           - label: "Stash staged changes and carry them onto the epic branch"
-            command: "git stash push --include-untracked --message 'moflo-epic-autostash'"
+            command: "git stash push --include-untracked --message 'moflo-epic-{args.epic_number}-autostash'"
           - label: "Commit staged changes to the current branch first, then continue"
             command: "git commit -m 'wip: pre-epic snapshot'"
       - name: "gh cli authenticated"
         command: "gh auth status"
         hint: "The GitHub CLI isn't signed in. Run: gh auth login"
     config:
-      # set -e: any failing step aborts the whole command. Without it, the
-      # trailing `git stash pop ... || true` would swallow real failures
-      # (e.g., checkout/pull/branch-create errors) and report success,
-      # leaving later steps to crash when the epic branch isn't there.
-      command: "set -e; git stash --include-untracked -q 2>/dev/null || true; git checkout {args.base_branch}; git pull origin {args.base_branch}; BRANCH=\"epic/{args.epic_number}-{args.epic_slug}\"; if git show-ref --verify --quiet \"refs/heads/$BRANCH\"; then git checkout \"$BRANCH\"; else git checkout -b \"$BRANCH\"; fi; git stash pop -q 2>/dev/null || true"
+      # set -e: any failing step aborts the whole command.
+      #
+      # We deliberately do NOT auto-stash here. Preflight has already enforced
+      # a clean tree (or run the user-chosen stash-and-carry resolution), so
+      # the only stash we should ever pop is the preflight's `moflo-epic-autostash`
+      # marker. Popping the unconditionally-top stash (the previous design)
+      # was the source of #287's stash-pop conflict that left the index
+      # half-merged — `git stash pop ... || true` masked the conflict
+      # failure and the next step's `git checkout` then died with
+      # "you need to resolve your current index first".
+      command: |
+        set -e
+        git checkout {args.base_branch}
+        git pull origin {args.base_branch}
+        BRANCH="epic/{args.epic_number}-{args.epic_slug}"
+        if git show-ref --verify --quiet "refs/heads/$BRANCH"; then
+          git checkout "$BRANCH"
+        else
+          git checkout -b "$BRANCH"
+        fi
+        # Scope the marker by epic_number so a stale autostash from an
+        # abandoned previous run of a DIFFERENT epic doesn't get popped onto
+        # this branch unintentionally. Same-epic re-runs still carry over,
+        # which is the intended recovery path.
+        EXPECTED_STASH_TAG="moflo-epic-{args.epic_number}-autostash"
+        TOP_MSG=$(git stash list --format='%s' -1)
+        if [[ "$TOP_MSG" == *"$EXPECTED_STASH_TAG"* ]]; then
+          if ! git stash pop -q; then
+            echo "[epic] carrying-over stash conflicted on $BRANCH — resolve unmerged paths and re-run the spell" >&2
+            exit 1
+          fi
+        fi
       timeout: 120000
       failOnError: true