moflo 4.9.30 → 4.9.31

package/dist/src/cli/embeddings/fastembed-inline/index.js

@@ -132,6 +132,20 @@ export class FlagEmbedding {
         const session = await InferenceSession.create(modelPath, {
             executionProviders: ['cpu'],
             graphOptimizationLevel: 'all',
+            // Suppress ORT's WARNING-level chatter on session bring-up. ORT 1.26.0
+            // emits a `[W:onnxruntime ... GetPciBusId] Skipping pci_bus_id` line on
+            // Linux Azure VMs whose `/sys/devices/...` filenames don't match the
+            // `[0-9a-f]+:[0-9a-f]+:[0-9a-f]+.[0-9a-f]+` PCI pattern; the warning
+            // is harmless (we run on the CPU EP only) but leaks to stderr and
+            // confuses users into thinking moflo is broken. 0=verbose, 1=info,
+            // 2=warning (default), 3=error, 4=fatal — error is the right level
+            // because session bring-up genuine failures still surface.
+            //
+            // Re-audit when bumping fastembed or onnxruntime-node: ORT
+            // occasionally promotes deprecation / model-compatibility notices to
+            // WARNING that would now be hidden. If a model upgrade ever lands
+            // alongside this suppression, drop to 2 once to scan the output.
+            logSeverityLevel: 3,
         });
         return new FlagEmbedding(tokenizer, session);
     }

package/dist/src/cli/memory/bridge-entries.js

@@ -112,6 +112,30 @@ export async function bridgeStoreEntry(options) {
         const now = Date.now();
         const guardResult = await guardValidate(registry, 'store', { key, namespace, size: value.length });
         if (!guardResult.allowed) {
+            // Dedupe rejection means the same `(op, params)` write just succeeded
+            // — the caller's data is already durable. Look up the existing row so
+            // we can return its id with success:true; this matches what the
+            // dedupe semantically means (a no-op, not a failure). Other rejection
+            // reasons (rate limit, etc.) remain real failures. Match the literal
+            // reason string rather than a substring regex so a future rejection
+            // worded with "duplicate mutation" but different semantics doesn't
+            // get silently swallowed.
+            if (guardResult.reason === 'duplicate mutation within dedupe window') {
+                let existingId = null;
+                const probe = ctx.db.prepare(`SELECT id FROM memory_entries WHERE namespace = ? AND key = ? AND status = 'active' LIMIT 1`);
+                try {
+                    probe.bind([namespace, key]);
+                    if (probe.step()) {
+                        existingId = String(probe.getAsObject().id);
+                    }
+                }
+                finally {
+                    probe.free();
+                }
+                if (existingId) {
+                    return { success: true, id: existingId };
+                }
+            }
             return { success: false, id, error: `MutationGuard rejected: ${guardResult.reason}` };
         }
         const resolved = await resolveBridgeEmbedding(value, options.precomputedEmbedding, options.generateEmbeddingFlag, namespace);
@@ -120,6 +144,48 @@ export async function bridgeStoreEntry(options) {
         }
         const { json: embeddingJson, dimensions, model } = resolved;
         const embeddingResponse = embeddingResponseFrom(resolved);
+        // Idempotency guard, mirrors the one in `memory-initializer.ts`'s raw-
+        // sql.js fallback. When the daemon route just wrote this exact row but
+        // the client missed the ack, we land here with the row already on disk;
+        // a plain INSERT would trip UNIQUE and surface as `[moflo] bridge
+        // operation failed:` stderr noise even though the data is durable.
+        // Probe first so withDb never sees the throw.
+        //
+        // Limitations carried forward: only `content` is compared, not `tags`
+        // or `ttl`. The targeted scenario is the same caller's request being
+        // processed twice (daemon write + client retry), where every option is
+        // identical by definition — a different caller varying `tags` after a
+        // missed-ack would still see this as an idempotent no-op rather than
+        // an update. `cached: false, attested: false` because the prior writer
+        // already ran post-persist bookkeeping; this process's in-memory cache
+        // stays cold for one retrieve until the read path warms it (perf only,
+        // not correctness).
+        if (!options.upsert) {
+            let existingId = null;
+            let existingContent = null;
+            const probe = ctx.db.prepare(`SELECT id, content FROM memory_entries WHERE namespace = ? AND key = ? AND status = 'active' LIMIT 1`);
+            try {
+                probe.bind([namespace, key]);
+                if (probe.step()) {
+                    const row = probe.getAsObject();
+                    existingId = String(row.id);
+                    existingContent = row.content;
+                }
+            }
+            finally {
+                probe.free();
+            }
+            if (existingId && existingContent === value) {
+                return {
+                    success: true,
+                    id: existingId,
+                    embedding: embeddingResponse,
+                    guarded: true,
+                    cached: false,
+                    attested: false,
+                };
+            }
+        }
         const insertSql = options.upsert
             ? `INSERT OR REPLACE INTO memory_entries (
           id, key, namespace, content, type,

package/dist/src/cli/memory/memory-initializer.js

@@ -1650,6 +1650,42 @@ export async function storeEntry(options) {
                 embeddingModel = embResult.model;
             }
         }
+        // Idempotency guard. By the time we reach the raw-sql.js fallback, an
+        // earlier write attempt — daemon route via `tryDaemonStore`, or bridge
+        // via `bridgeStoreEntry` — may have already persisted this exact row to
+        // disk. If a post-persist throw escaped the bridge's inner guards (#994,
+        // #982), `bridgeStoreEntry` returned null and we landed here. Re-running
+        // a plain INSERT would then trip the UNIQUE constraint on `(namespace,
+        // key)` and surface as `exit 1` even though the data is durable on disk
+        // — exactly the cascade described in `bridge-entries.ts:205`. If the
+        // existing row matches the value the caller asked us to write, treat
+        // this as a successful no-op and propagate the existing id instead of
+        // re-inserting. If the content differs, fall through to INSERT — the
+        // UNIQUE error is then a real "key already taken with other content"
+        // signal that the caller deserves to see.
+        if (!upsert) {
+            let existingRow = null;
+            const probe = db.prepare(`SELECT id, content FROM memory_entries WHERE namespace = ? AND key = ? AND status = 'active' LIMIT 1`);
+            try {
+                probe.bind([namespace, key]);
+                if (probe.step()) {
+                    existingRow = probe.getAsObject();
+                }
+            }
+            finally {
+                probe.free();
+            }
+            if (existingRow && existingRow.content === value) {
+                db.close();
+                return {
+                    success: true,
+                    id: String(existingRow.id),
+                    embedding: embeddingJson
+                        ? { dimensions: embeddingDimensions, model: embeddingModel }
+                        : undefined,
+                };
+            }
+        }
         // Insert or update entry (upsert mode uses REPLACE)
         const insertSql = upsert
             ? `INSERT OR REPLACE INTO memory_entries (

package/dist/src/cli/spells/core/credential-validation.js

@@ -1,24 +1,31 @@
 /**
  * Credential Validation
  *
- * Lightweight, no-config shape checks applied to values pulled from the
- * encrypted credential store before they are promoted to `process.env`.
+ * Shape checks applied to values pulled from the encrypted credential store
+ * before they are promoted to `process.env`. Two layers:
  *
- * Two heuristics, both conservative — only invalidate when there is
- * positive evidence the stored value is bad. Anything we can't classify
- * passes through unchanged.
+ *   1. **Author-declared format** (preferred): the YAML prereq sets
+ *      `format: jwt`, and the validator enforces JWT shape + expiry. Any
+ *      non-JWT value (e.g. a value with no dots) is rejected outright,
+ *      catching the failure mode where a stored value isn't even a JWT
+ *      and the spell would otherwise fail mid-cast with a 401.
  *
- *   - JWT-shaped values (3 base64url segments) get their `exp` claim
- *     parsed and compared to "now". An expired JWT is reported as such.
- *   - Env keys ending in `_URL` must parse via the WHATWG `URL`
- *     constructor and have a non-empty host.
+ *   2. **Conservative heuristics** (fallback when no format is declared):
+ *        - JWT-shaped values (3 base64url segments) get their `exp` claim
+ *          parsed and rejected when expired.
+ *        - Env keys ending in `_URL` must parse via the WHATWG `URL`
+ *          constructor and have a non-empty host.
+ *      Anything else passes through.
  *
- * Story #1007: avoid silently reusing stale stored credentials (e.g.
- * Microsoft Graph access tokens, which expire in ~1h) so the resolver
- * can fall through to the prompt path and the user understands why.
+ * Story #1007: catch expired JWTs that survived past their TTL.
+ * Story #1009: extend to catch values that aren't even JWT-shaped when
+ * the prereq has declared `format: jwt`.
  */
 const VALID_JWT_SEGMENT = /^[A-Za-z0-9_-]+$/;
-export function validateStoredCredential(envKey, value) {
+export function validateStoredCredential(envKey, value, format) {
+    if (format === 'jwt') {
+        return validateJwtFormat(value);
+    }
     if (envKey.endsWith('_URL')) {
         return validateUrlValue(value);
     }
@@ -27,6 +34,15 @@ export function validateStoredCredential(envKey, value) {
     }
     return { valid: true };
 }
+function validateJwtFormat(value) {
+    if (!looksLikeJwt(value)) {
+        return {
+            valid: false,
+            reason: 'stored value is not a JWT (expected three base64url segments separated by ".")',
+        };
+    }
+    return validateJwtExpiry(value);
+}
 function validateUrlValue(value) {
     try {
         const parsed = new URL(value);

package/dist/src/cli/spells/core/prerequisite-checker.js

@@ -72,6 +72,7 @@ export function compilePrerequisiteSpec(spec) {
         description: spec.description,
         promptOnMissing,
         envKey,
+        format: spec.format,
     };
 }
 function defaultHintForDetect(spec) {
@@ -205,7 +206,7 @@ export async function resolveUnmetPrerequisites(prerequisites, options = {}) {
             const stored = await credentials.get(prereq.envKey);
             if (typeof stored !== 'string' || stored.length === 0)
                 return;
-            const validation = validateStoredCredential(prereq.envKey, stored);
+            const validation = validateStoredCredential(prereq.envKey, stored, prereq.format);
             if (!validation.valid) {
                 rejectedFromStore.push({ envKey: prereq.envKey, reason: validation.reason });
                 return;

package/dist/src/cli/spells/schema/validators/prerequisites.js

@@ -6,6 +6,7 @@
  * deliberately small so step validation can delegate here.
  */
 const VALID_DETECT_TYPES = ['env', 'command', 'file'];
+const VALID_FORMATS = ['jwt'];
 export function validatePrerequisites(prereqs, errors, path) {
     if (!Array.isArray(prereqs)) {
         errors.push({ path, message: 'prerequisites must be an array' });
@@ -39,6 +40,13 @@ export function validatePrerequisites(prereqs, errors, path) {
         if (p.promptOnMissing !== undefined && typeof p.promptOnMissing !== 'boolean') {
             errors.push({ path: `${pPath}.promptOnMissing`, message: 'promptOnMissing must be a boolean' });
         }
+        if (p.format !== undefined
+            && !VALID_FORMATS.includes(p.format)) {
+            errors.push({
+                path: `${pPath}.format`,
+                message: `format must be one of: ${VALID_FORMATS.join(', ')}`,
+            });
+        }
         const detect = p.detect;
         if (!detect || typeof detect !== 'object') {
             errors.push({ path: `${pPath}.detect`, message: 'detect is required and must be an object' });
@@ -66,6 +74,14 @@ export function validatePrerequisites(prereqs, errors, path) {
                 errors.push({ path: `${pPath}.detect.path`, message: 'detect.path is required for file detector' });
             }
         }
+        // `format` only applies to stored env values — silently ignoring it on
+        // command/file detectors would mask author mistakes.
+        if (p.format !== undefined && detect.type !== 'env') {
+            errors.push({
+                path: `${pPath}.format`,
+                message: 'format is only valid on env-type prerequisites',
+            });
+        }
     });
 }
 //# sourceMappingURL=prerequisites.js.map

package/dist/src/cli/version.js

@@ -2,5 +2,5 @@
  * Auto-generated by build. Do not edit manually.
  * Source of truth: root package.json → scripts/sync-version.mjs
  */
-export const VERSION = '4.9.30';
+export const VERSION = '4.9.31';
 //# sourceMappingURL=version.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "moflo",
-  "version": "4.9.30",
+  "version": "4.9.31",
   "description": "MoFlo — AI agent orchestration for Claude Code. A standalone, opinionated toolkit with semantic memory, learned routing, gates, spells, and the /flo issue-execution skill.",
   "main": "dist/src/cli/index.js",
   "type": "module",
@@ -84,7 +84,7 @@
     "@typescript-eslint/eslint-plugin": "^7.18.0",
     "@typescript-eslint/parser": "^7.18.0",
     "eslint": "^8.0.0",
-    "moflo": "^4.9.29",
+    "moflo": "^4.9.30",
     "tsx": "^4.21.0",
     "typescript": "^5.9.3",
     "vitest": "^4.0.0"