v3.12.2 β kernel-panic fix + cve subcommand fix + hooks hardening
Bundled fixes
#2407 β daemon proliferation β kernel panic (CRITICAL)
Atomic O_EXCL lockfile in daemon.ts + dropped the shell & in init.ts:424. Race test verified: 5 concurrent daemon start β 1 surviving daemon (was 3-5+).
One real incident accumulated 39 zombie daemons holding ~8.5 GiB and contributed to a macOS kernel panic on June 15. No longer possible.
#2403 β security cve no longer a stub
Now delegates to npm audit --json (same GitHub Advisory DB source as security scan), extracts CVE IDs from via titles/URLs, supports --check CVE-XXXX-NNNN and --severity {critical,high,medium,low} filters. Local verify on this repo: 37 affected packages surfaced.
#2397 β .claude/helpers/* hooks hardening
Community contribution from @tjaiyen β 5 grounded bug fixes including real timeout via Promise.race (not the spurious "timer cleared on sync return" pattern), signal cleanup, truncation transparency, cross-platform slug normalization. 248+/49β across 8 files.
Dependabot bumps (3/5 merged cleanly)
@types/node20.19.41 β 20.19.43 in/v3/@claude-flow/browservitest4.1.6 β 4.1.9 in/v3/@claude-flow/browser+/plugins/ruflo-graph-intelligenceagent-browser0.27.0 β 0.27.3 in/v3/@claude-flow/browser
(#2384 + #2386 had merge conflicts; dependabot will rebase.)
Install
npx ruflo@3.12.2
# or
npm i ruflo@latestCompatibility
All 3 packages Γ 3 dist-tags published in lockstep:
@claude-flow/cli@3.12.2β latest, alpha, v3alphaclaude-flow@3.12.2β latest, alpha, v3alpharuflo@3.12.2β latest, alpha, v3alpha
No API breaking changes. Patch bump per CLAUDE.md publishing policy.
π€ Generated with RuFlo
