moflo 4.9.37 → 4.10.0

package/bin/simplify-classify.cjs

@@ -45,34 +45,55 @@ const SECURITY_PATHS = [
   /(?:^|[\\\/])\.claude[\\\/]helpers[\\\/]gate/i,
 ];
 
-function safeExec(cmd) {
-  try { return execSync(cmd, { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] }); }
-  catch { return ''; }
+function safeExec(cmd, opts) {
+  try {
+    return execSync(cmd, {
+      encoding: 'utf-8',
+      stdio: ['pipe', 'pipe', 'pipe'],
+      ...(opts && opts.cwd ? { cwd: opts.cwd } : {}),
+    });
+  } catch { return ''; }
 }
 
 // Detect the consumer's default branch. Hardcoding 'main' silently miscalibrates
 // classification on repos that use 'master', 'develop', etc. — empty diff →
 // TRIVIAL → gate stamps clean without any real review.
 let _cachedDefaultBranch = null;
-function detectDefaultBranch() {
-  if (_cachedDefaultBranch !== null) return _cachedDefaultBranch;
+function detectDefaultBranch(cwd) {
+  // Cache by cwd so tests probing multiple repos in-process don't return a
+  // single stale value; CLI use passes no cwd and benefits from the cache.
+  if (cwd === undefined && _cachedDefaultBranch !== null) return _cachedDefaultBranch;
+  const opts = cwd ? { cwd } : undefined;
 
   // Preferred: origin/HEAD points to whatever the remote considers default.
-  const symbolic = safeExec('git symbolic-ref --short refs/remotes/origin/HEAD').trim();
-  if (symbolic.startsWith('origin/')) return (_cachedDefaultBranch = symbolic.slice('origin/'.length));
+  const symbolic = safeExec('git symbolic-ref --short refs/remotes/origin/HEAD', opts).trim();
+  if (symbolic.startsWith('origin/')) {
+    const v = symbolic.slice('origin/'.length);
+    if (cwd === undefined) _cachedDefaultBranch = v;
+    return v;
+  }
 
   // Fallback: local init.defaultBranch (set by `git init -b <name>` or config).
-  const configured = safeExec('git config --get init.defaultBranch').trim();
-  if (configured) return (_cachedDefaultBranch = configured);
+  const configured = safeExec('git config --get init.defaultBranch', opts).trim();
+  if (configured) {
+    if (cwd === undefined) _cachedDefaultBranch = configured;
+    return configured;
+  }
 
   // Last resort: 'main' (most common modern default).
-  return (_cachedDefaultBranch = 'main');
+  if (cwd === undefined) _cachedDefaultBranch = 'main';
+  return 'main';
+}
+
+function _resetCacheForTest() {
+  _cachedDefaultBranch = null;
 }
 
-function readDiffFromGit(base) {
+function readDiffFromGit(base, cwd) {
+  const opts = cwd ? { cwd } : undefined;
   // Combined diff: committed-since-base + working-tree
-  const committed = safeExec(`git diff ${base}...HEAD`);
-  const working = safeExec('git diff HEAD');
+  const committed = safeExec(`git diff ${base}...HEAD`, opts);
+  const working = safeExec('git diff HEAD', opts);
   return committed + (working ? '\n' + working : '');
 }
 
@@ -206,9 +227,9 @@ function classifyDiff(diffText) {
   return decide(parseDiff(diffText));
 }
 
-function classifyFromGit(base) {
-  const resolved = base || detectDefaultBranch();
-  return classifyDiff(readDiffFromGit(resolved));
+function classifyFromGit(base, cwd) {
+  const resolved = base || detectDefaultBranch(cwd);
+  return classifyDiff(readDiffFromGit(resolved, cwd));
 }
 
 if (require.main === module) {
@@ -232,4 +253,4 @@ if (require.main === module) {
   }
 }
 
-module.exports = { parseDiff, decide, classifyDiff, classifyFromGit, detectDefaultBranch };
+module.exports = { parseDiff, decide, classifyDiff, classifyFromGit, detectDefaultBranch, _resetCacheForTest };

package/dist/src/cli/commands/daemon.js

@@ -14,6 +14,32 @@ import { spawn, execFileSync } from 'child_process';
 import { join, resolve } from 'path';
 import * as fs from 'fs';
 import { errorDetail } from '../shared/utils/error-detail.js';
+/**
+ * Resolve the dashboard port from CLI flag and env, in that precedence order.
+ *
+ * Precedence (highest first):
+ *   1. `--dashboard-port` flag (explicit caller intent)
+ *   2. `MOFLO_DAEMON_PORT` env (shared contract with `daemon-write-client.ts`)
+ *   3. `DEFAULT_DASHBOARD_PORT` (3117)
+ *
+ * The env fallback (#1067) eliminates the client/server asymmetry: prior to
+ * this, the client honored `MOFLO_DAEMON_PORT` but the server only read
+ * `--dashboard-port`. A consumer pinning the env (e.g. the smoke harness)
+ * would point clients at one port while the server bound the default.
+ *
+ * Exported for unit testing — the command handler calls this once per start.
+ */
+export function resolveDashboardPort(flagValue, envValue) {
+    const source = flagValue ?? envValue;
+    if (!source)
+        return { ok: true, port: DEFAULT_DASHBOARD_PORT };
+    const parsed = parseInt(source, 10);
+    if (isNaN(parsed) || parsed < 1 || parsed > 65535) {
+        const label = flagValue ? 'dashboard port' : 'MOFLO_DAEMON_PORT';
+        return { ok: false, error: `Invalid ${label}: ${source} (must be 1-65535)` };
+    }
+    return { ok: true, port: parsed };
+}
 // Start daemon subcommand
 const startCommand = {
     name: 'start',
@@ -43,16 +69,13 @@ const startCommand = {
         const rawDashboardPort = ctx.flags.dashboardPort;
         const projectRoot = process.cwd();
         const isDaemonProcess = process.env.CLAUDE_FLOW_DAEMON === '1';
-        // Parse dashboard port
-        let dashboardPort = DEFAULT_DASHBOARD_PORT;
-        if (rawDashboardPort) {
-            const parsed = parseInt(rawDashboardPort, 10);
-            if (isNaN(parsed) || parsed < 1 || parsed > 65535) {
-                output.printError(`Invalid dashboard port: ${rawDashboardPort} (must be 1-65535)`);
-                return { success: false, exitCode: 1 };
-            }
-            dashboardPort = parsed;
+        // Resolve dashboard port; see `resolveDashboardPort` for precedence.
+        const portResult = resolveDashboardPort(rawDashboardPort, process.env.MOFLO_DAEMON_PORT);
+        if (!portResult.ok) {
+            output.printError(portResult.error);
+            return { success: false, exitCode: 1 };
         }
+        const dashboardPort = portResult.port;
         // Parse resource threshold overrides from CLI flags
         const config = {};
         const rawMaxCpu = ctx.flags.maxCpuLoad;
@@ -433,9 +456,13 @@ const stopCommand = {
     },
 };
 /**
- * Kill background daemon process using lock file
+ * Kill background daemon process using lock file.
+ *
+ * Exported so `memory init --force` can stop the daemon before unlinking
+ * moflo.db — on Windows the daemon's open file handle otherwise blocks
+ * unlinkSync with EBUSY (#1098).
  */
-async function killBackgroundDaemon(projectRoot) {
+export async function killBackgroundDaemon(projectRoot) {
     const holderPid = getDaemonLockHolder(projectRoot);
     if (!holderPid) {
         // No live daemon — clean up any stale lock

package/dist/src/cli/commands/doctor-checks-coverage-truth.js

@@ -0,0 +1,136 @@
+/**
+ * Embedding Coverage Truth doctor check (epic #1054.S5 / #1059).
+ *
+ * Stricter complement to `checkEmbeddings`: any disagreement between
+ * `.moflo/vector-stats.json` and the live DB count fails the check and
+ * forces doctor to report the LOWER number. The existing check allowed a
+ * 20% skew tolerance — that tolerance is what let #1054.repro-1 keep saying
+ * 100% even after the daemon-tick clobber drove the live count below the
+ * cached count.
+ *
+ * @module cli/commands/doctor-checks-coverage-truth
+ */
+import { existsSync, readFileSync } from 'fs';
+import { join } from 'path';
+import { memoryDbCandidatePaths } from '../services/moflo-paths.js';
+import { errorDetail } from '../shared/utils/error-detail.js';
+import { openDaemonDatabase } from '../memory/daemon-backend.js';
+async function liveEmbeddedRowCount(dbPath) {
+    // Read-only COUNT(*) — open via the unified factory so the engine choice
+    // is consistent with every other writer (Phase 5 / #1084).
+    try {
+        const db = openDaemonDatabase(dbPath);
+        try {
+            const res = db.exec("SELECT COUNT(*) FROM memory_entries WHERE status = 'active' AND embedding IS NOT NULL AND embedding != ''");
+            const cell = res?.[0]?.values?.[0]?.[0];
+            const n = typeof cell === 'number' ? cell : Number(cell ?? 0);
+            return Number.isFinite(n) ? n : null;
+        }
+        finally {
+            db.close();
+        }
+    }
+    catch {
+        return null;
+    }
+}
+function readCachedStats(cwd) {
+    const p = join(cwd, '.moflo', 'vector-stats.json');
+    if (!existsSync(p))
+        return null;
+    try {
+        const stats = JSON.parse(readFileSync(p, 'utf8'));
+        return {
+            vectorCount: typeof stats.vectorCount === 'number' ? stats.vectorCount : 0,
+            missing: typeof stats.missing === 'number' ? stats.missing : 0,
+        };
+    }
+    catch {
+        return null;
+    }
+}
+export async function readCoverage(cwd = process.cwd()) {
+    const cached = readCachedStats(cwd);
+    const dbPath = memoryDbCandidatePaths(cwd).find((p) => existsSync(p)) ?? null;
+    const live = dbPath ? await liveEmbeddedRowCount(dbPath) : null;
+    return {
+        cached: cached?.vectorCount ?? null,
+        live,
+        missing: cached?.missing ?? null,
+    };
+}
+/**
+ * Refuses to report 100% when the on-disk cache disagrees with the live DB.
+ * Always reports the LOWER number with the discrepancy noted.
+ *
+ * Pass cases:
+ *   - No cache + no DB: nothing to compare, neutral pass
+ *   - Cache and live agree exactly
+ * Warn cases:
+ *   - Cache present but DB unreadable (sql.js missing, etc.) — defer to the
+ *     existing checkEmbeddings instead of double-warning
+ * Fail cases:
+ *   - Cache and live disagree → report the lower value, note discrepancy
+ */
+export async function checkEmbeddingCoverageTruth(cwd = process.cwd()) {
+    const name = 'Embedding Coverage Truth';
+    try {
+        const { cached, live, missing } = await readCoverage(cwd);
+        if (cached === null && live === null) {
+            return { name, status: 'pass', message: 'No memory database or cache yet — nothing to reconcile' };
+        }
+        if (cached !== null && live === null) {
+            // Cache exists but live count unreadable — checkEmbeddings owns the
+            // "DB unreadable" diagnosis; this check stays neutral so we don't
+            // double-warn.
+            return {
+                name,
+                status: 'pass',
+                message: `Cache reports ${cached} vectors (live count unverified — DB unreadable)`,
+            };
+        }
+        if (cached === null && live !== null) {
+            if (live === 0) {
+                // Cold-boot fresh-install state — no rows to vectorise, no cache to
+                // diverge from. The check is about coverage DRIFT; empty isn't drift.
+                return { name, status: 'pass', message: 'No embedded rows yet — nothing to reconcile' };
+            }
+            return {
+                name,
+                status: 'warn',
+                message: `Live DB has ${live} embedded rows but no .moflo/vector-stats.json cache exists`,
+                fix: 'node node_modules/moflo/bin/build-embeddings.mjs',
+            };
+        }
+        // Both readings present.
+        const cachedN = cached ?? 0;
+        const liveN = live ?? 0;
+        if (cachedN === liveN) {
+            const totalRows = liveN + (missing ?? 0);
+            const pct = totalRows > 0 ? Math.round((liveN / totalRows) * 100) : 100;
+            return {
+                name,
+                status: 'pass',
+                message: `${liveN} vectors confirmed live ${missing && missing > 0 ? `(${pct}% of ${totalRows}, ${missing} missing)` : '(100%)'}`,
+            };
+        }
+        const lower = Math.min(cachedN, liveN);
+        const direction = cachedN > liveN ? 'cache higher than DB' : 'DB higher than cache';
+        return {
+            name,
+            status: 'fail',
+            message: `Coverage mismatch: cache=${cachedN}, live=${liveN} (${direction}); ` +
+                `reporting the lower value ${lower}. ` +
+                `Likely cause: writer clobber or stale cache (#1054 bug class).`,
+            fix: 'node node_modules/moflo/bin/build-embeddings.mjs',
+        };
+    }
+    catch (e) {
+        return {
+            name,
+            status: 'warn',
+            message: `Unable to verify coverage: ${errorDetail(e, { firstLineOnly: true })}`,
+        };
+    }
+}
+//# sourceMappingURL=doctor-checks-coverage-truth.js.map

package/dist/src/cli/commands/doctor-checks-memory-access.js

@@ -22,10 +22,10 @@
  * Cleanup runs even on assertion failure so a fail doesn't leave orphaned
  * agents/hive workers.
  */
-import { existsSync, readFileSync, writeFileSync } from 'fs';
+import { existsSync } from 'fs';
 import { errorDetail } from '../shared/utils/error-detail.js';
-import { mofloImport } from '../services/moflo-require.js';
 import { memoryDbPath } from '../services/moflo-paths.js';
+import { findProjectRoot } from '../services/project-root.js';
 import { loadToolArrays, getTool, pushDetail, summarizeFunctional, } from './doctor-checks-functional-shared.js';
 const MEMORY_ACCESS_CHECK = 'Memory Access Functional';
 const MEMORY_ACCESS_FAIL_FIX = 'Run `flo doctor --json` for per-subcheck details. Common fixes: ensure fastembed installed (memory_store.hasEmbedding=false), explicit threshold:0 honored (#837), or rebuild HNSW index (`flo memory rebuild-index`)';
@@ -39,7 +39,14 @@ async function invokeOrThrow(tools, name, input) {
  * Run a memory_store + memory_search round-trip and append three details
  * (store, search, value-match). Returns the unique key/namespace used so the
  * caller can clean up. Never throws — assertion failures land in `details`.
+ *
+ * Exported (under `_` prefix) for the #1111 regression test that simulates
+ * the empty-HNSW race with a synthetic `memoryTools` array. Not part of the
+ * public doctor surface; use `checkMemoryAccessFunctional` from real callers.
  */
+export async function _runMemoryRoundTripForTest(ctx) {
+    return runMemoryRoundTrip(ctx);
+}
 async function runMemoryRoundTrip(ctx) {
     const stamp = `${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
     const key = `doctor-memprobe-${ctx.persona}-${stamp}`;
@@ -72,12 +79,21 @@ async function runMemoryRoundTrip(ctx) {
     // 2. memory_search with threshold=0 — must find the row we just stored.
     // threshold=0 is the explicit "no threshold" value (#837); regressions
     // there silently filter out matches even when the row is in the index.
+    //
+    // #1111: when search returns 0 results we do a literal-key fallback via
+    // memory_retrieve. On a fresh consumer install pretrain is still computing
+    // embeddings async, so the HNSW index can be empty (`0 vectors indexed`)
+    // even when the row IS in the DB. The check tests memory access, not
+    // embedding-index readiness — a successful literal retrieve demotes the
+    // search fail to a warn so the doctor surfaces the race without misreporting
+    // it as broken memory access.
     const searchMeta = {
         id: `${ctx.idPrefix}.memory_search`,
         mcpTool: 'memory_search',
-        expected: 'total>=1 with backend including HNSW',
+        expected: 'total>=1 via semantic search, OR row retrievable by key when HNSW is unpopulated',
     };
     let searchOut;
+    let hnswIndexEmpty = false;
     try {
         searchOut = (await invokeOrThrow(ctx.memoryTools, 'memory_search', {
             query: sentinel,
@@ -86,7 +102,23 @@ async function runMemoryRoundTrip(ctx) {
             limit: 5,
         }));
         const failReason = assertSearch(searchOut);
-        pushDetail(ctx.details, searchMeta, failReason ? searchOut : { total: searchOut?.total, backend: searchOut?.backend, topKey: searchOut?.results?.[0]?.key }, failReason);
+        if (failReason && searchOut?.total === 0) {
+            const retrievable = await literalKeyReachable(ctx.memoryTools, key, namespace);
+            if (retrievable) {
+                hnswIndexEmpty = true;
+                ctx.details.push({
+                    ...searchMeta, status: 'warn',
+                    observed: { total: 0, backend: searchOut.backend, literalRetrieve: 'found' },
+                    message: 'search returned 0 results despite threshold=0, but row IS reachable by key — HNSW index not yet populated (likely pretrain/embeddings race on fresh install; memory access path works, only the vector index is empty)',
+                });
+            }
+            else {
+                pushDetail(ctx.details, searchMeta, searchOut, failReason);
+            }
+        }
+        else {
+            pushDetail(ctx.details, searchMeta, failReason ? searchOut : { total: searchOut?.total, backend: searchOut?.backend, topKey: searchOut?.results?.[0]?.key }, failReason);
+        }
     }
     catch (err) {
         const detail = errorDetail(err, { firstLineOnly: true });
@@ -99,8 +131,21 @@ async function runMemoryRoundTrip(ctx) {
     // 3. The just-stored row must come back from search so callers can find
     // what they wrote. memory_search returns a 60-char content snippet, so
     // full-value verification belongs in the retrieve subcheck below.
-    const top = searchOut.results?.find(r => r.key === key);
-    pushDetail(ctx.details, { id: `${ctx.idPrefix}.search-finds-key`, mcpTool: 'memory_search', expected: `result containing key=${key}` }, top ? { topKey: top.key, similarity: top.similarity } : { allKeys: searchOut.results?.map(r => r.key) }, top ? null : `stored key ${key} not in results (got: ${searchOut?.results?.map(r => r.key).join(', ') ?? 'none'})`);
+    // When step 2 already observed the HNSW index as empty, the literal retrieve
+    // in step 4 covers reachability; mark this subcheck warn instead of double-
+    // failing on the same root cause.
+    if (hnswIndexEmpty) {
+        ctx.details.push({
+            id: `${ctx.idPrefix}.search-finds-key`, mcpTool: 'memory_search', status: 'warn',
+            observed: { hnswEmpty: true },
+            expected: `result containing key=${key} via semantic search`,
+            message: 'skipped semantic match — HNSW index empty (see memory_search subcheck); literal-key retrieve below covers reachability',
+        });
+    }
+    else {
+        const top = searchOut.results?.find(r => r.key === key);
+        pushDetail(ctx.details, { id: `${ctx.idPrefix}.search-finds-key`, mcpTool: 'memory_search', expected: `result containing key=${key}` }, top ? { topKey: top.key, similarity: top.similarity } : { allKeys: searchOut.results?.map(r => r.key) }, top ? null : `stored key ${key} not in results (got: ${searchOut?.results?.map(r => r.key).join(', ') ?? 'none'})`);
+    }
     // 4. memory_retrieve returns the full value (search content is truncated
     // to a 60-char snippet). Catches write clobber and namespace bleed — we
     // get back exactly what we wrote, not someone else's row at the same key.
@@ -163,6 +208,23 @@ async function safeDelete(memoryTools, key, namespace) {
     }
     catch { /* best-effort */ }
 }
+/**
+ * #1111: Probe whether a row is reachable via literal-key lookup. Used to
+ * distinguish a real memory-access failure (row missing) from the HNSW-empty
+ * race (row written, but vector index not yet populated by pretrain).
+ *
+ * Best-effort: a thrown handler or missing tool returns false rather than
+ * propagating, so the caller still reports the original search failure.
+ */
+async function literalKeyReachable(memoryTools, key, namespace) {
+    try {
+        const out = (await invokeOrThrow(memoryTools, 'memory_retrieve', { key, namespace }));
+        return out?.found === true;
+    }
+    catch {
+        return false;
+    }
+}
 /**
  * #1053 S2: probe `memory_get_neighbors` round-trip.
  *
@@ -171,13 +233,11 @@ async function safeDelete(memoryTools, key, namespace) {
  * the metadata-passthrough plumbing in S1), this probe fails BEFORE the
  * stub ships to consumers.
  *
- * Three chunks are stored via memory_store, then their `metadata` columns
- * are written directly via sql.js to inject chunk-shaped nav fields
- * (memory_store always sets metadata to '{}', so the chunker write path is
- * the only producer in steady state — bypass it here for an in-process
- * probe). The middle chunk's neighbors are then fetched and verified to
- * carry navigation back, proving S1 + S2 + the metadata column passthrough
- * survive end-to-end.
+ * Three chunks are stored via `memory_store` with the chunk-shaped metadata
+ * passed in-band (#1064 — the chokepoint now accepts `metadata` so producers
+ * no longer have to open their own DB handle). The middle chunk's neighbors
+ * are then fetched and verified to carry navigation back, proving S1 + S2 +
+ * the metadata column passthrough survive end-to-end.
  */
 async function probeMemoryGetNeighbors(memoryTools, details) {
     const tool = getTool(memoryTools, 'memory_get_neighbors');
@@ -204,14 +264,11 @@ async function probeMemoryGetNeighbors(memoryTools, details) {
     const prefix = `chunk-doctor-neighbors-${stamp}`;
     const chunkKeys = [`${prefix}-0`, `${prefix}-1`, `${prefix}-2`];
     const middleKey = chunkKeys[1];
-    // Seed three chunks via DIRECT sql.js write (skipping memory_store).
-    // Going through memory_store would warm the bridge's TieredCache with
-    // metadata='{}', and a follow-up direct UPDATE would race the bridge's
-    // writeback (sql.js dump-on-flush hazard, see
-    // feedback_sqljs_writeback_clobber.md). Writing straight to disk before
-    // the bridge ever sees these keys means memory_get_neighbors → getEntry
-    // hits fresh disk state and our injected metadata is what comes back.
-    const dbPath = memoryDbPath(process.cwd());
+    // Seed three chunks through `memory_store` with metadata in-band (#1064).
+    // The chokepoint now accepts `metadata`, so we no longer open our own
+    // node:sqlite handle here — the bridge's TieredCache stays consistent with
+    // disk, and the writer-audit no longer has to whitelist a probe-only bypass.
+    const dbPath = memoryDbPath(findProjectRoot());
     if (!existsSync(dbPath)) {
         details.push({
             id: 'neighbors.seed',
@@ -223,54 +280,53 @@ async function probeMemoryGetNeighbors(memoryTools, details) {
         });
         return { key: middleKey, namespace, chunkKeys };
     }
-    try {
-        const initSqlJs = (await mofloImport('sql.js')).default;
-        const SQL = await initSqlJs();
-        const db = new SQL.Database(readFileSync(dbPath));
-        const insert = db.prepare(`INSERT OR REPLACE INTO memory_entries
-        (id, key, namespace, content, type, tags, metadata, created_at, updated_at, status)
-       VALUES (?, ?, ?, ?, 'semantic', '[]', ?, ?, ?, 'active')`);
-        const now = Date.now();
-        for (let i = 0; i < chunkKeys.length; i++) {
-            const meta = {
-                type: 'chunk',
-                parentDoc: 'doc-doctor-neighbors',
-                parentPath: '/doctor-neighbors.md',
-                chunkIndex: i,
-                totalChunks: chunkKeys.length,
-                prevChunk: i > 0 ? chunkKeys[i - 1] : null,
-                nextChunk: i < chunkKeys.length - 1 ? chunkKeys[i + 1] : null,
-                siblings: chunkKeys,
-                hierarchicalParent: null,
-                hierarchicalChildren: null,
-                chunkTitle: `Doctor Probe Chunk ${i}`,
-                headerLevel: 2,
-                docContentHash: stamp,
-            };
-            insert.run([
-                `memprobe-neighbors-${stamp}-${i}`,
-                chunkKeys[i],
+    for (let i = 0; i < chunkKeys.length; i++) {
+        const meta = {
+            type: 'chunk',
+            parentDoc: 'doc-doctor-neighbors',
+            parentPath: '/doctor-neighbors.md',
+            chunkIndex: i,
+            totalChunks: chunkKeys.length,
+            prevChunk: i > 0 ? chunkKeys[i - 1] : null,
+            nextChunk: i < chunkKeys.length - 1 ? chunkKeys[i + 1] : null,
+            siblings: chunkKeys,
+            hierarchicalParent: null,
+            hierarchicalChildren: null,
+            chunkTitle: `Doctor Probe Chunk ${i}`,
+            headerLevel: 2,
+            docContentHash: stamp,
+        };
+        try {
+            const out = (await invokeOrThrow(memoryTools, 'memory_store', {
+                key: chunkKeys[i],
+                value: `chunk body ${i}`,
                 namespace,
-                `chunk body ${i}`,
-                JSON.stringify(meta),
-                now, now,
-            ]);
+                metadata: meta,
+            }));
+            if (!out?.success) {
+                details.push({
+                    id: 'neighbors.seed',
+                    mcpTool: 'memory_get_neighbors',
+                    status: 'fail',
+                    observed: { chunk: chunkKeys[i], error: out?.error ?? 'unknown' },
+                    expected: 'memory_store accepts chunk-shaped metadata in-band',
+                    message: `seed failed at chunk ${i}: ${out?.error ?? 'unknown'}`,
+                });
+                return { key: middleKey, namespace, chunkKeys };
+            }
+        }
+        catch (err) {
+            const msg = errorDetail(err, { firstLineOnly: true });
+            details.push({
+                id: 'neighbors.seed',
+                mcpTool: 'memory_get_neighbors',
+                status: 'fail',
+                observed: { error: msg },
+                expected: 'three chunk rows seeded via memory_store with chunk-shaped metadata',
+                message: `seed failed: ${msg}`,
+            });
+            return { key: middleKey, namespace, chunkKeys };
         }
-        insert.free();
-        writeFileSync(dbPath, Buffer.from(db.export()));
-        db.close();
-    }
-    catch (err) {
-        const msg = errorDetail(err, { firstLineOnly: true });
-        details.push({
-            id: 'neighbors.seed',
-            mcpTool: 'memory_get_neighbors',
-            status: 'fail',
-            observed: { error: msg },
-            expected: 'three chunk rows seeded with chunk-shaped metadata',
-            message: `seed failed: ${msg}`,
-        });
-        return { key: middleKey, namespace, chunkKeys };
     }
     // 3. The probe itself — fetch prev + next of the middle chunk.
     let result;
@@ -343,35 +399,39 @@ export async function checkMemoryAccessFunctional() {
     let spawnedAgentId;
     let hiveInitialized = false;
     try {
-        // ── Probe 0: memory_get_neighbors (#1053 S2) ──────────────────────────
-        // MUST RUN FIRST — before any memory_store call warms the bridge's
-        // in-memory sql.js snapshot. The probe injects chunk metadata via a
-        // direct file write to .moflo/moflo.db; once the bridge has loaded the
-        // DB into memory and done its first persist, external file writes are
-        // clobbered (sql.js dump-on-flush hazard, see
-        // feedback_sqljs_writeback_clobber.md). Running this probe first means
-        // the bridge instantiates AFTER our seed lands — its initial disk read
-        // sees our rows.
-        {
-            const probeResult = await probeMemoryGetNeighbors(memoryTools, details);
-            if (probeResult) {
-                const { namespace, chunkKeys } = probeResult;
-                for (const key of chunkKeys) {
-                    cleanups.push(() => safeDelete(memoryTools, key, namespace));
-                }
-            }
-        }
         // ── Probe 1: subagent context ─────────────────────────────────────────
         // The "subagent" path is what Claude's Task tool ends up calling: direct
         // MCP tools with no surrounding coordinator state. Failures here indicate
         // the memory subsystem itself is broken before we even get to coordinator
-        // interactions.
+        // interactions. Runs first so the bridge initializes `.moflo/moflo.db`
+        // (schema + first WAL commit) before the neighbors probe seeds chunks.
+        //
+        // Phase 4 (#1083) flipped the engine to node:sqlite + WAL: every
+        // node:sqlite connection on the same DB shares the WAL coherently, so
+        // the legacy "neighbors first or sql.js snapshot clobbers it" ordering
+        // is obsolete. Subagent first means moflo.db exists by the time the
+        // neighbors seed's `existsSync` gate runs (probe degraded to warn in
+        // the temp-dir test fixture before this reorder).
         {
             const { key, namespace } = await runMemoryRoundTrip({
                 persona: 'subagent', idPrefix: 'subagent', memoryTools, details,
             });
             cleanups.push(() => safeDelete(memoryTools, key, namespace));
         }
+        // ── Probe 0: memory_get_neighbors (#1053 S2) ──────────────────────────
+        // Seeds three chunk rows directly via the node:sqlite factory and asserts
+        // memory_get_neighbors returns the prev+next pair. Cross-engine clobber
+        // is no longer a concern under Phase 4 (#1083) — every writer on
+        // .moflo/moflo.db goes through node:sqlite + WAL.
+        {
+            const probeResult = await probeMemoryGetNeighbors(memoryTools, details);
+            if (probeResult) {
+                const { namespace, chunkKeys } = probeResult;
+                for (const key of chunkKeys) {
+                    cleanups.push(() => safeDelete(memoryTools, key, namespace));
+                }
+            }
+        }
         // ── Probe 2: swarm-agent context ──────────────────────────────────────
         // After `swarm_init` + `agent_spawn` the UnifiedSwarmCoordinator holds
         // live state. A regression that opens long-lived sql.js handles in the