moflo 4.9.36 → 4.10.0

package/dist/src/cli/services/cherry-pick-learnings.js

@@ -33,10 +33,9 @@
 /* eslint-disable @typescript-eslint/no-explicit-any */
 import * as fs from 'fs';
 import * as path from 'path';
-import { mofloImport } from './moflo-require.js';
-import { atomicWriteFileSync } from './atomic-file-write.js';
 import { legacyMemoryDbBakPath, memoryDbCandidatePaths, memoryDbPath, } from './moflo-paths.js';
 import { MEMORY_SCHEMA_V3 } from '../memory/memory-initializer.js';
+import { openDaemonDatabase } from '../memory/daemon-backend.js';
 /** Namespaces preserved across upgrades. Everything else is derived. */
 export const DURABLE_NAMESPACES = ['learnings', 'knowledge'];
 /**
@@ -84,15 +83,34 @@ export async function cherryPickLearningsFromLegacy(options = {}) {
         sources: [],
         target,
     };
-    const initSqlJs = (await mofloImport('sql.js'))?.default;
-    if (!initSqlJs)
+    // Fast-path: skip target materialization entirely if no legacy source is
+    // even on disk. A fresh install has no .swarm/memory.db etc. — opening
+    // targetDb would create an empty .moflo/moflo.db that the regular memory
+    // initializer should create lazily on first MCP write. Saves an unnecessary
+    // atomic-write per fresh-install upgrade and keeps the existsSync(target)
+    // contract that the launcher relies on.
+    const presentSources = legacyPaths.filter((p) => p !== target && fs.existsSync(p));
+    if (presentSources.length === 0) {
+        // Still emit a self-reference report if the canonical was in the list,
+        // for symmetry with the multi-source path.
+        for (const sourcePath of legacyPaths) {
+            if (sourcePath === target) {
+                result.sources.push({
+                    path: sourcePath,
+                    rowsRead: 0,
+                    rowsInserted: 0,
+                    reason: CHERRY_PICK_SKIP_REASONS.SELF_REFERENCE,
+                });
+            }
+        }
         return result;
-    const SQL = (await initSqlJs());
+    }
+    // node:sqlite via the unified factory (Phase 5 / #1084). openDaemonDatabase
+    // creates parent dirs + applies WAL pragma; the WAL-incremental persistence
+    // model means no atomicWriteFileSync at the end — every INSERT below
+    // commits to disk through the WAL.
     fs.mkdirSync(path.dirname(target), { recursive: true });
-    const targetExists = fs.existsSync(target);
-    const targetDb = targetExists
-        ? new SQL.Database(fs.readFileSync(target))
-        : new SQL.Database();
+    const targetDb = openDaemonDatabase(target);
     let insertStmt = null;
     try {
         targetDb.run(MEMORY_SCHEMA_V3);
@@ -100,8 +118,8 @@ export async function cherryPickLearningsFromLegacy(options = {}) {
         const selectSql = `SELECT id, key, namespace, content, type, embedding, embedding_model, ` +
             `embedding_dimensions, tags, metadata, owner_id, created_at, updated_at, status ` +
             `FROM memory_entries WHERE namespace IN (${placeholders})`;
-        // Hoisted prepare — avoids re-parsing the SQL inside sql.js for every
-        // INSERT. Matters for legacy DBs with hundreds of learnings rows.
+        // Hoisted prepare — avoids re-parsing the SQL for every INSERT. Matters
+        // for legacy DBs with hundreds of learnings rows.
         insertStmt = targetDb.prepare(`INSERT OR IGNORE INTO memory_entries ` +
             `(id, key, namespace, content, type, embedding, embedding_model, ` +
             ` embedding_dimensions, tags, metadata, owner_id, created_at, updated_at, status) ` +
@@ -118,18 +136,11 @@ export async function cherryPickLearningsFromLegacy(options = {}) {
             }
             if (!fs.existsSync(sourcePath))
                 continue;
-            const report = readAndInsert(SQL, sourcePath, targetDb, insertStmt, selectSql, namespaces);
+            const report = readAndInsert(sourcePath, targetDb, insertStmt, selectSql, namespaces);
             result.sources.push(report);
             result.copied += report.rowsInserted;
             result.considered += report.rowsRead;
         }
-        // Skip the atomic write when there's nothing to persist:
-        //  - copied=0 + target didn't exist → don't materialize an empty DB
-        //    (the regular initializer creates it on first real write).
-        //  - copied=0 + target already existed → no diff, nothing to flush.
-        if (result.copied > 0) {
-            atomicWriteFileSync(target, Buffer.from(targetDb.export()));
-        }
     }
     finally {
         if (insertStmt) {
@@ -142,10 +153,10 @@ export async function cherryPickLearningsFromLegacy(options = {}) {
     }
     return result;
 }
-function readAndInsert(SQL, sourcePath, targetDb, insertStmt, selectSql, namespaces) {
+function readAndInsert(sourcePath, targetDb, insertStmt, selectSql, namespaces) {
     let sourceDb;
     try {
-        sourceDb = new SQL.Database(fs.readFileSync(sourcePath));
+        sourceDb = openDaemonDatabase(sourcePath);
     }
     catch {
         return {

package/dist/src/cli/services/daemon-dashboard.js

@@ -14,7 +14,7 @@
  */
 import { createServer } from 'node:http';
 import { errorDetail } from '../shared/utils/error-detail.js';
-import { handleMemoryStore, handleMemoryDelete, handleMemoryBatch, matchMemoryRpcRoute, } from './daemon-memory-rpc.js';
+import { handleMemoryStore, handleMemoryDelete, handleMemoryBatch, handleMemoryGet, handleMemorySearch, handleMemoryList, matchMemoryRpcRoute, } from './daemon-memory-rpc.js';
 import { aggregateClaudeStats, emptyClaudeStatsShape } from './claude-stats.js';
 export const DEFAULT_DASHBOARD_PORT = 3117;
 /**
@@ -407,6 +407,18 @@ async function handleRequest(req, res, daemon, opts) {
                 await handleMemoryBatch(req, res, opts.memory);
                 return;
             }
+            if (memoryRoute === 'get') {
+                await handleMemoryGet(req, res, opts.memory);
+                return;
+            }
+            if (memoryRoute === 'search') {
+                await handleMemorySearch(req, res, opts.memory);
+                return;
+            }
+            if (memoryRoute === 'list') {
+                await handleMemoryList(req, res, opts.memory);
+                return;
+            }
         }
         if (method !== 'GET') {
             sendJson(res, 405, { error: 'Method not allowed' });

package/dist/src/cli/services/daemon-lock.js

@@ -9,7 +9,8 @@
  * and verifying the process command line before trusting a "live" PID.
  */
 import * as fs from 'fs';
-import { join } from 'path';
+import { dirname, join } from 'path';
+import { fileURLToPath } from 'url';
 import { execSync } from 'child_process';
 const LOCK_FILENAME = 'daemon.lock';
 const LOCK_LABEL = 'moflo-daemon';
@@ -17,6 +18,33 @@ const LOCK_LABEL = 'moflo-daemon';
 export function lockPath(projectRoot) {
     return join(projectRoot, '.moflo', LOCK_FILENAME);
 }
+/**
+ * Read this daemon's own moflo package version by walking up from the
+ * compiled module location until a `package.json` with `"name": "moflo"`
+ * is found. Mirrors the pattern in `mcp-server.ts:260-279`. Returns
+ * `undefined` if the package.json can't be located — the launcher treats
+ * an undefined version the same as a mismatch, so this stays safe.
+ */
+export function readOwnMofloVersion() {
+    try {
+        let dir = dirname(fileURLToPath(import.meta.url));
+        for (;;) {
+            try {
+                const pkg = JSON.parse(fs.readFileSync(join(dir, 'package.json'), 'utf8'));
+                if (pkg.name === 'moflo' && typeof pkg.version === 'string')
+                    return pkg.version;
+            }
+            catch { /* ignore — keep walking */ }
+            const parent = dirname(dir);
+            if (parent === dir)
+                return undefined;
+            dir = parent;
+        }
+    }
+    catch {
+        return undefined;
+    }
+}
 /**
  * Try to acquire the daemon lock atomically.
  *
@@ -34,6 +62,7 @@ export function acquireDaemonLock(projectRoot, pid = process.pid) {
         pid,
         startedAt: Date.now(),
         label: LOCK_LABEL,
+        version: readOwnMofloVersion(),
     };
     // Attempt 1: atomic exclusive create
     const result = tryExclusiveWrite(lock, payload);
@@ -95,6 +124,7 @@ export function transferDaemonLock(projectRoot, newPid, fromPid = process.pid) {
         pid: newPid,
         startedAt: Date.now(),
         label: LOCK_LABEL,
+        version: existing.version ?? readOwnMofloVersion(),
     };
     try {
         // Atomic overwrite — no unlink/recreate gap
@@ -105,6 +135,27 @@ export function transferDaemonLock(projectRoot, newPid, fromPid = process.pid) {
         return false;
     }
 }
+/**
+ * Read the full daemon-lock payload (or null if no daemon, corrupt lock,
+ * or the holder is dead). Used by the launcher to compare the daemon's
+ * reported moflo version against the installed package.json version
+ * (epic #1054 — kill stale daemons that survived `npm install moflo@new`).
+ */
+export function getDaemonLockPayload(projectRoot) {
+    const lock = lockPath(projectRoot);
+    if (!fs.existsSync(lock))
+        return null;
+    const existing = readLockPayload(lock);
+    if (!existing) {
+        safeUnlink(lock);
+        return null;
+    }
+    if (isProcessAlive(existing.pid) && isDaemonProcess(existing.pid)) {
+        return existing;
+    }
+    safeUnlink(lock);
+    return null;
+}
 /**
  * Check if the daemon lock is currently held by a live daemon.
  * Returns the holder PID or null.
@@ -183,6 +234,12 @@ function isProcessAlive(pid) {
  * to avoid accidentally allowing duplicates on exotic platforms.
  */
 export function isDaemonProcess(pid) {
+    // #1086: Windows execSync introspection (8s worst-case: tasklist 3s +
+    // powershell 5s) starves under parallel vitest workers and pushes tests
+    // past the 5s budget. Production never sets this env var.
+    if (process.env.MOFLO_TEST_TRUST_DAEMON_PID === '1') {
+        return true;
+    }
     try {
         if (process.platform === 'win32') {
             return isDaemonProcessWindows(pid);

package/dist/src/cli/services/daemon-memory-rpc.js

@@ -1,13 +1,18 @@
 /**
- * Daemon HTTP RPC for memory writes (#981 — single-writer architecture).
+ * Daemon HTTP RPC for memory writes + reads (#981 / #1058 — single-writer
+ * architecture and its read-side symmetry).
  *
- * Adds POST /api/memory/{store,delete,batch} to the existing daemon HTTP
- * server. The daemon process becomes the single authoritative writer when
- * these endpoints are called; other processes (CLI, MCP server) route
- * writes here via the daemon-write-client (Story #984).
+ * Adds POST /api/memory/{store,delete,batch,get,search,list} to the existing
+ * daemon HTTP server. The daemon becomes the single authoritative writer AND
+ * the single source-of-truth for reads when reachable; other processes (CLI,
+ * MCP server) route through the daemon-write-client (Story #984 / #1058) so
+ * they never serve stale rows from a per-process sql.js snapshot.
  *
- * Story #983 ships these endpoints purely additively — nothing in the
- * codebase calls them yet. Stories #985 / #986 wire consumer callers.
+ * Read endpoints (#1058): bridgeGetEntry/Search/List in a non-daemon process
+ * queries the bridge's in-memory snapshot loaded at process start. sql.js
+ * never re-reads disk, so any write by the daemon is invisible to that
+ * process until restart. Routing reads here lets every process see the
+ * daemon's authoritative state in real time.
  *
  * Loopback-only: the parent server binds 127.0.0.1, so no auth/CSRF.
  *
@@ -29,6 +34,8 @@ const NAMESPACE_PATTERN = /^[a-zA-Z0-9._-]{1,64}$/;
 const KEY_MAX_LENGTH = 256;
 /** Max ops per batch. Bounds memory + write time per request. */
 export const BATCH_MAX_OPS = 100;
+/** Cap on serialised `metadata` per op (#1064); 64 KB leaves room for a 100-op batch under {@link MEMORY_RPC_MAX_BODY_BYTES}. */
+const METADATA_MAX_BYTES = 64 * 1024;
 // ============================================================================
 // JSON body reader (size-capped, never throws)
 // ============================================================================
@@ -88,6 +95,37 @@ function isKey(key) {
 function isStringArray(value) {
     return Array.isArray(value) && value.every(v => typeof v === 'string');
 }
+/** Validate optional `metadata` and return the already-serialised string so the INSERT site doesn't re-stringify (#1064). */
+function validateMetadata(value) {
+    if (value === undefined)
+        return { ok: true, metadata: undefined };
+    if (typeof value === 'string') {
+        if (Buffer.byteLength(value, 'utf8') > METADATA_MAX_BYTES) {
+            return { ok: false, error: `metadata exceeds ${METADATA_MAX_BYTES} bytes` };
+        }
+        try {
+            JSON.parse(value);
+        }
+        catch {
+            return { ok: false, error: 'metadata string is not valid JSON' };
+        }
+        return { ok: true, metadata: value };
+    }
+    if (typeof value !== 'object' || value === null || Array.isArray(value)) {
+        return { ok: false, error: 'metadata must be a JSON object or stringified JSON' };
+    }
+    let serialised;
+    try {
+        serialised = JSON.stringify(value);
+    }
+    catch {
+        return { ok: false, error: 'metadata is not serialisable' };
+    }
+    if (Buffer.byteLength(serialised, 'utf8') > METADATA_MAX_BYTES) {
+        return { ok: false, error: `metadata exceeds ${METADATA_MAX_BYTES} bytes` };
+    }
+    return { ok: true, metadata: serialised };
+}
 function validateStorePayload(body) {
     if (typeof body !== 'object' || body === null)
         return { ok: false, error: 'body must be a JSON object' };
@@ -103,6 +141,9 @@ function validateStorePayload(body) {
     if (b.ttl !== undefined && (typeof b.ttl !== 'number' || !Number.isFinite(b.ttl) || b.ttl <= 0)) {
         return { ok: false, error: 'ttl must be a positive finite number (seconds)' };
     }
+    const metaResult = validateMetadata(b.metadata);
+    if (!metaResult.ok)
+        return { ok: false, error: metaResult.error };
     return {
         ok: true,
         op: {
@@ -111,6 +152,7 @@ function validateStorePayload(body) {
             value: b.value,
             tags: b.tags,
             ttl: b.ttl,
+            metadata: metaResult.metadata,
         },
     };
 }
@@ -124,6 +166,63 @@ function validateDeletePayload(body) {
         return { ok: false, error: 'invalid key' };
     return { ok: true, op: { namespace: b.namespace, key: b.key } };
 }
+function validateGetPayload(body) {
+    // Get takes the same shape as delete.
+    return validateDeletePayload(body);
+}
+/** Max query length for /api/memory/search — matches the existing memory_search MCP tool bound. */
+const MAX_SEARCH_QUERY_LENGTH = 4096;
+function validateSearchPayload(body) {
+    if (typeof body !== 'object' || body === null)
+        return { ok: false, error: 'body must be a JSON object' };
+    const b = body;
+    if (typeof b.query !== 'string' || b.query.length === 0) {
+        return { ok: false, error: 'query must be a non-empty string' };
+    }
+    if (b.query.length > MAX_SEARCH_QUERY_LENGTH) {
+        return { ok: false, error: `query exceeds ${MAX_SEARCH_QUERY_LENGTH} chars` };
+    }
+    // Namespace is optional; when provided must validate (allow 'all' for cross-NS search).
+    if (b.namespace !== undefined && b.namespace !== 'all' && !isNamespace(b.namespace)) {
+        return { ok: false, error: `invalid namespace (must match ${NAMESPACE_PATTERN}, 'all', or omitted)` };
+    }
+    if (b.limit !== undefined && (typeof b.limit !== 'number' || !Number.isInteger(b.limit) || b.limit <= 0 || b.limit > 1000)) {
+        return { ok: false, error: 'limit must be a positive integer ≤1000' };
+    }
+    if (b.threshold !== undefined && (typeof b.threshold !== 'number' || b.threshold < 0 || b.threshold > 1)) {
+        return { ok: false, error: 'threshold must be a number in [0, 1]' };
+    }
+    return {
+        ok: true,
+        op: {
+            query: b.query,
+            namespace: b.namespace,
+            limit: b.limit,
+            threshold: b.threshold,
+        },
+    };
+}
+function validateListPayload(body) {
+    // body may be empty for list-all; coerce null → {}.
+    const b = body && typeof body === 'object' ? body : {};
+    if (b.namespace !== undefined && !isNamespace(b.namespace)) {
+        return { ok: false, error: `invalid namespace (must match ${NAMESPACE_PATTERN} or be omitted)` };
+    }
+    if (b.limit !== undefined && (typeof b.limit !== 'number' || !Number.isInteger(b.limit) || b.limit <= 0 || b.limit > 10_000)) {
+        return { ok: false, error: 'limit must be a positive integer ≤10000' };
+    }
+    if (b.offset !== undefined && (typeof b.offset !== 'number' || !Number.isInteger(b.offset) || b.offset < 0)) {
+        return { ok: false, error: 'offset must be a non-negative integer' };
+    }
+    return {
+        ok: true,
+        op: {
+            namespace: b.namespace,
+            limit: b.limit,
+            offset: b.offset,
+        },
+    };
+}
 function validateBatchPayload(body) {
     if (typeof body !== 'object' || body === null)
         return { ok: false, error: 'body must be a JSON object' };
@@ -179,7 +278,13 @@ function valueToString(value) {
 /** Lazy import to avoid a circular dep with memory-initializer's heavy graph. */
 async function getMemoryFns() {
     const mod = await import('../memory/memory-initializer.js');
-    return { storeEntry: mod.storeEntry, deleteEntry: mod.deleteEntry };
+    return {
+        storeEntry: mod.storeEntry,
+        deleteEntry: mod.deleteEntry,
+        getEntry: mod.getEntry,
+        searchEntries: mod.searchEntries,
+        listEntries: mod.listEntries,
+    };
 }
 /**
  * POST /api/memory/store — write a single entry through the daemon's
@@ -209,13 +314,18 @@ export async function handleMemoryStore(req, res, memory) {
             namespace: v.op.namespace,
             tags: v.op.tags,
             ttl: v.op.ttl,
+            metadata: v.op.metadata,
             upsert: true,
         });
         if (!result.success) {
             sendJson(res, 500, { error: 'Store failed', message: result.error ?? 'unknown' });
             return;
         }
-        sendJson(res, 200, { ok: true, stored: true, id: result.id });
+        // #1065 — preserve the bridge's `embedding: { dimensions, model }` shape
+        // through the wire boundary. Without this, MCP `memory_store` reports
+        // `hasEmbedding: false` on every daemon-routed write that actually
+        // succeeded, and the doctor Memory Access check fails.
+        sendJson(res, 200, { ok: true, stored: true, id: result.id, embedding: result.embedding });
     }
     catch (err) {
         sendJson(res, 500, { error: 'Internal error', message: errorDetail(err) });
@@ -292,10 +402,13 @@ export async function handleMemoryBatch(req, res, memory) {
                     namespace: op.namespace,
                     tags: op.tags,
                     ttl: op.ttl,
+                    metadata: op.metadata,
                     upsert: true,
                 });
                 if (r.success) {
-                    results.push({ ok: true, id: r.id });
+                    // #1065 — same shape carry-through as /store: include embedding
+                    // so batch callers can report hasEmbedding accurately.
+                    results.push({ ok: true, id: r.id, embedding: r.embedding });
                 }
                 else {
                     results.push({ ok: false, error: r.error ?? 'unknown' });
@@ -320,6 +433,122 @@ export async function handleMemoryBatch(req, res, memory) {
     }
     sendJson(res, anyFailed ? 207 : 200, { ok: !anyFailed, results });
 }
+/**
+ * POST /api/memory/get — retrieve a single entry from the daemon's
+ * authoritative bridge. In a non-daemon process the bridge holds a stale
+ * sql.js snapshot from process-start time (#1058); routing the read here
+ * lets the daemon serve the up-to-date row.
+ */
+export async function handleMemoryGet(req, res, memory) {
+    if (!memory) {
+        sendJson(res, 503, { error: 'Memory accessor not attached' });
+        return;
+    }
+    const body = await readJsonBody(req);
+    if (body === null) {
+        sendJson(res, 400, { error: 'Invalid or oversized JSON body' });
+        return;
+    }
+    const v = validateGetPayload(body);
+    if (!v.ok) {
+        sendJson(res, 400, { error: 'Invalid get request', message: v.error });
+        return;
+    }
+    try {
+        const { getEntry } = await getMemoryFns();
+        const result = await getEntry({ key: v.op.key, namespace: v.op.namespace });
+        if (!result.success) {
+            sendJson(res, 500, { error: 'Get failed', message: result.error ?? 'unknown' });
+            return;
+        }
+        sendJson(res, 200, { ok: true, found: result.found, entry: result.entry });
+    }
+    catch (err) {
+        sendJson(res, 500, { error: 'Internal error', message: errorDetail(err) });
+    }
+}
+/**
+ * POST /api/memory/search — semantic vector search routed through the
+ * daemon's authoritative bridge.
+ */
+export async function handleMemorySearch(req, res, memory) {
+    if (!memory) {
+        sendJson(res, 503, { error: 'Memory accessor not attached' });
+        return;
+    }
+    const body = await readJsonBody(req);
+    if (body === null) {
+        sendJson(res, 400, { error: 'Invalid or oversized JSON body' });
+        return;
+    }
+    const v = validateSearchPayload(body);
+    if (!v.ok) {
+        sendJson(res, 400, { error: 'Invalid search request', message: v.error });
+        return;
+    }
+    try {
+        const { searchEntries } = await getMemoryFns();
+        const result = await searchEntries({
+            query: v.op.query,
+            namespace: v.op.namespace,
+            limit: v.op.limit,
+            threshold: v.op.threshold,
+        });
+        if (!result.success) {
+            sendJson(res, 500, { error: 'Search failed', message: result.error ?? 'unknown' });
+            return;
+        }
+        sendJson(res, 200, { ok: true, results: result.results, searchTime: result.searchTime });
+    }
+    catch (err) {
+        sendJson(res, 500, { error: 'Internal error', message: errorDetail(err) });
+    }
+}
+/**
+ * POST /api/memory/list — list entries via the daemon's bridge with optional
+ * namespace filter and pagination.
+ */
+export async function handleMemoryList(req, res, memory) {
+    if (!memory) {
+        sendJson(res, 503, { error: 'Memory accessor not attached' });
+        return;
+    }
+    const body = await readJsonBody(req);
+    // List allows an empty body (list-all default); a JSON-parse failure on a
+    // non-empty body is still a 400, but a literal empty body coerces to {}.
+    let parsed = body;
+    if (body === null) {
+        // Distinguish "empty body" from "invalid JSON" — readJsonBody returns null
+        // for both, so probe content-length to tell them apart.
+        const contentLength = parseInt(req.headers['content-length'] ?? '0', 10);
+        if (contentLength > 0) {
+            sendJson(res, 400, { error: 'Invalid or oversized JSON body' });
+            return;
+        }
+        parsed = {};
+    }
+    const v = validateListPayload(parsed);
+    if (!v.ok) {
+        sendJson(res, 400, { error: 'Invalid list request', message: v.error });
+        return;
+    }
+    try {
+        const { listEntries } = await getMemoryFns();
+        const result = await listEntries({
+            namespace: v.op.namespace,
+            limit: v.op.limit,
+            offset: v.op.offset,
+        });
+        if (!result.success) {
+            sendJson(res, 500, { error: 'List failed', message: result.error ?? 'unknown' });
+            return;
+        }
+        sendJson(res, 200, { ok: true, entries: result.entries, total: result.total });
+    }
+    catch (err) {
+        sendJson(res, 500, { error: 'Internal error', message: errorDetail(err) });
+    }
+}
 export function matchMemoryRpcRoute(url) {
     if (!url)
         return null;
@@ -330,6 +559,12 @@ export function matchMemoryRpcRoute(url) {
         return 'delete';
     if (path === '/api/memory/batch')
         return 'batch';
+    if (path === '/api/memory/get')
+        return 'get';
+    if (path === '/api/memory/search')
+        return 'search';
+    if (path === '/api/memory/list')
+        return 'list';
     return null;
 }
 //# sourceMappingURL=daemon-memory-rpc.js.map

package/dist/src/cli/services/embeddings-migration.js

@@ -15,9 +15,8 @@
  * @module cli/services/embeddings-migration
  */
 /* eslint-disable @typescript-eslint/no-explicit-any */
-import { mofloImport } from './moflo-require.js';
-import { atomicWriteFileSync } from './atomic-file-write.js';
 import { memoryDbPath } from './moflo-paths.js';
+import { openDaemonDatabase } from '../memory/daemon-backend.js';
 // EMBEDDINGS_VERSION is a number constant in a leaf types module — pulling it
 // eagerly is cheap. The heavy imports (fastembed wrapper, upgrade renderer,
 // etc.) stay deferred behind the early returns so session-start stays fast.
@@ -37,12 +36,11 @@ export async function runEmbeddingsMigrationIfNeeded(options = {}) {
     const dbPath = path.resolve(options.dbPath ?? memoryDbPath(process.cwd()));
     if (!fs.existsSync(dbPath))
         return false;
-    const initSqlJs = (await mofloImport('sql.js'))?.default;
-    if (!initSqlJs)
-        return false;
-    const SQL = await initSqlJs();
-    const buffer = fs.readFileSync(dbPath);
-    const db = new SQL.Database(buffer);
+    // node:sqlite via the unified factory (Phase 5 / #1084). The migration
+    // store runs UPDATE statements via the SAME handle, so WAL persists each
+    // re-embed incrementally — no need for the old atomicWriteFileSync at the
+    // end (which was the sql.js whole-file-dump that motivated #1078).
+    const db = openDaemonDatabase(dbPath);
     try {
         // Probe: only migrate DBs that carry the v3 memory_entries schema. The
         // old `embedding` column alone isn't enough — the migration writes back
@@ -105,10 +103,9 @@ export async function runEmbeddingsMigrationIfNeeded(options = {}) {
             },
         });
         if (summary.status === 'completed') {
-            // `db.export()` returns a Uint8Array; `writeFileSync` accepts it directly,
-            // so no Buffer.from() copy. Atomic temp-file + rename so SIGINT mid-write
-            // cannot truncate moflo.db — see atomic-file-write.ts.
-            atomicWriteFileSync(dbPath, db.export());
+            // node:sqlite + WAL persists each UPDATE incrementally — no whole-file
+            // dump at the end. Phase 5 (#1084) deleted the atomicWriteFileSync that
+            // used to live here; that pattern was the sql.js clobber vector.
             options.onMigrationComplete?.(summary.totalItemsMigrated);
             return true;
         }

package/dist/src/cli/services/ephemeral-namespace-purge.js

@@ -28,9 +28,8 @@
  */
 /* eslint-disable @typescript-eslint/no-explicit-any */
 import { PURGE_ON_SESSION_START_NAMESPACES, TASKLIST_RETENTION_CAP, } from '../memory/bridge-embedder.js';
-import { mofloImport } from './moflo-require.js';
-import { atomicWriteFileSync } from './atomic-file-write.js';
 import { memoryDbPath } from './moflo-paths.js';
+import { openDaemonDatabase } from '../memory/daemon-backend.js';
 /**
  * Hard-delete rows in {@link PURGE_ON_SESSION_START_NAMESPACES} and trim the
  * `tasklist` namespace to its retention cap, then VACUUM. Returns
@@ -45,12 +44,9 @@ export async function purgeEphemeralNamespaces(options = {}) {
     const dbPath = path.resolve(options.dbPath ?? memoryDbPath(process.cwd()));
     if (!fs.existsSync(dbPath))
         return { purged: 0, trimmed: 0 };
-    const initSqlJs = (await mofloImport('sql.js'))?.default;
-    if (!initSqlJs)
-        return { purged: 0, trimmed: 0 };
-    const SQL = await initSqlJs();
-    const buffer = fs.readFileSync(dbPath);
-    const db = new SQL.Database(buffer);
+    // node:sqlite via the unified factory (Phase 5 / #1084). WAL persists each
+    // DELETE/VACUUM incrementally; no atomicWriteFileSync needed.
+    const db = openDaemonDatabase(dbPath);
     try {
         // Probe: schema must carry `memory_entries`. Older / non-moflo DBs are
         // a no-op so we don't VACUUM unrelated SQLite files.
@@ -90,10 +86,9 @@ export async function purgeEphemeralNamespaces(options = {}) {
         }
         if (purged === 0 && trimmed === 0)
             return { purged: 0, trimmed: 0 };
-        // VACUUM has to run outside any open transaction; sql.js auto-commits
-        // each `db.run`, so this is safe to chain.
+        // VACUUM has to run outside any open transaction; node:sqlite/sql.js
+        // both auto-commit each `db.run`, so this is safe to chain.
         db.run('VACUUM');
-        atomicWriteFileSync(dbPath, db.export());
         return { purged, trimmed };
     }
     finally {