wogiflow 1.0.12 → 1.0.13

package/scripts/flow-context-monitor.js

@@ -22,7 +22,8 @@ const {
   success,
   readFile,
   fileExists,
-  printHeader
+  printHeader,
+  safeJsonParse
 } = require('./flow-utils');
 
 // ============================================================
@@ -134,9 +135,71 @@ const DEFAULTS = {
   criticalAt: 0.85,   // 85% - critical threshold
   contextWindow: 200000, // Claude's context window
   checkOnSessionStart: true,
-  checkAfterTask: true
+  checkAfterTask: true,
+  // Tracking method: 'estimated' (default), 'native', or 'auto'
+  // - 'estimated': Uses token estimation from state files
+  // - 'native': Uses Claude Code's native tracking (v1.0.52+)
+  // - 'auto': Uses native if available, falls back to estimated
+  trackingMethod: 'auto'
 };
 
+// Path to native context info (written by Claude Code hooks if configured)
+const NATIVE_CONTEXT_FILE = path.join(STATE_DIR, 'context-info.json');
+
+/**
+ * Try to read native context info from Claude Code
+ * Returns null if not available
+ */
+function getNativeContextInfo() {
+  if (!fs.existsSync(NATIVE_CONTEXT_FILE)) {
+    return null;
+  }
+
+  // Use safeJsonParse for prototype pollution protection
+  const data = safeJsonParse(NATIVE_CONTEXT_FILE, null);
+  if (!data) {
+    return null;
+  }
+
+  // Check if data is recent (within last 5 minutes)
+  if (data.timestamp) {
+    const age = Date.now() - new Date(data.timestamp).getTime();
+    if (age > 5 * 60 * 1000) {
+      return null; // Data too old
+    }
+  }
+
+  // Validate required fields
+  if (typeof data.usedPercentage === 'number') {
+    return {
+      usedPercentage: data.usedPercentage,
+      remainingPercentage: data.remainingPercentage || (100 - data.usedPercentage),
+      timestamp: data.timestamp,
+      source: 'native'
+    };
+  }
+
+  return null;
+}
+
+/**
+ * Write native context info (called from hooks)
+ */
+function writeNativeContextInfo(usedPercentage, remainingPercentage) {
+  try {
+    const data = {
+      usedPercentage,
+      remainingPercentage,
+      timestamp: new Date().toISOString(),
+      source: 'claude-code'
+    };
+    fs.writeFileSync(NATIVE_CONTEXT_FILE, JSON.stringify(data, null, 2));
+    return true;
+  } catch (err) {
+    return false;
+  }
+}
+
 /**
  * Get context monitor configuration
  */
@@ -150,6 +213,7 @@ function getContextMonitorConfig() {
 
 /**
  * Check context health and return status
+ * Supports both native Claude Code tracking and estimated tracking
  */
 function checkContextHealth() {
   const config = getContextMonitorConfig();
@@ -160,21 +224,57 @@ function checkContextHealth() {
       currentTokens: 0,
       contextWindow: config.contextWindow,
       usage: 0,
-      recommendation: null
+      recommendation: null,
+      trackingMethod: 'disabled'
     };
   }
 
-  const { breakdown, total } = getContextBreakdown();
-  const usage = total / config.contextWindow;
+  // Determine tracking method
+  const trackingMethod = config.trackingMethod || 'auto';
+  let usage, total, breakdown, trackingSource;
+
+  // Try native tracking first (if configured)
+  if (trackingMethod === 'native' || trackingMethod === 'auto') {
+    const nativeInfo = getNativeContextInfo();
+    if (nativeInfo) {
+      usage = nativeInfo.usedPercentage / 100;
+      total = Math.round(usage * config.contextWindow);
+      breakdown = { 'native-tracking': total };
+      trackingSource = 'native';
+    }
+  }
+
+  // Fall back to estimated tracking
+  if (!trackingSource && (trackingMethod === 'estimated' || trackingMethod === 'auto')) {
+    const contextData = getContextBreakdown();
+    breakdown = contextData.breakdown;
+    total = contextData.total;
+    usage = total / config.contextWindow;
+    trackingSource = 'estimated';
+  }
+
+  // If native was required but not available
+  if (!trackingSource && trackingMethod === 'native') {
+    return {
+      status: 'unavailable',
+      currentTokens: 0,
+      contextWindow: config.contextWindow,
+      usage: 0,
+      usagePercent: 0,
+      recommendation: 'Native tracking not available. Run status line setup or switch to "estimated" mode.',
+      trackingMethod: 'native',
+      trackingSource: null
+    };
+  }
 
   let status, recommendation;
 
   if (usage >= config.criticalAt) {
     status = 'critical';
-    recommendation = 'Run /compact NOW to avoid context overflow';
+    recommendation = 'Run /wogi-compact NOW to avoid context overflow';
   } else if (usage >= config.warnAt) {
     status = 'warning';
-    recommendation = 'Consider running /compact soon';
+    recommendation = 'Consider running /wogi-compact soon';
   } else {
     status = 'healthy';
     recommendation = null;
@@ -191,7 +291,9 @@ function checkContextHealth() {
     thresholds: {
       warn: config.warnAt,
       critical: config.criticalAt
-    }
+    },
+    trackingMethod,
+    trackingSource
   };
 }
 
@@ -241,12 +343,29 @@ function showContextBreakdown() {
     healthy: 'green',
     warning: 'yellow',
     critical: 'red',
-    disabled: 'dim'
+    disabled: 'dim',
+    unavailable: 'yellow'
   };
   const statusColor = statusColors[health.status] || 'white';
   console.log(`Status: ${color(statusColor, health.status.toUpperCase())}`);
+
+  // Show tracking method
+  if (health.trackingSource) {
+    const sourceLabel = health.trackingSource === 'native' ? 'Claude Code Native' : 'Estimated';
+    console.log(`Tracking: ${color('dim', sourceLabel)}`);
+  }
   console.log('');
 
+  // Handle unavailable status
+  if (health.status === 'unavailable') {
+    console.log(color('yellow', 'Native tracking is configured but not available.'));
+    console.log(color('dim', 'Options:'));
+    console.log(color('dim', '  1. Run /wogi-statusline-setup to configure status line'));
+    console.log(color('dim', '  2. Set trackingMethod: "estimated" in config.json'));
+    console.log(color('dim', '  3. Set trackingMethod: "auto" to auto-fallback'));
+    return;
+  }
+
   // Progress bar
   const barWidth = 40;
   const filled = Math.min(Math.round(health.usage * barWidth), barWidth);
@@ -255,18 +374,23 @@ function showContextBreakdown() {
   console.log(`${health.currentTokens.toLocaleString()} / ${health.contextWindow.toLocaleString()} tokens`);
   console.log('');
 
-  // Breakdown
-  console.log(color('cyan', 'Breakdown:'));
-  const sortedBreakdown = Object.entries(health.breakdown)
-    .sort((a, b) => b[1] - a[1]);
+  // Breakdown (only show for estimated tracking)
+  if (health.trackingSource === 'estimated') {
+    console.log(color('cyan', 'Breakdown:'));
+    const sortedBreakdown = Object.entries(health.breakdown)
+      .sort((a, b) => b[1] - a[1]);
 
-  for (const [file, tokens] of sortedBreakdown) {
-    if (tokens > 0) {
-      const percent = Math.round((tokens / health.currentTokens) * 100);
-      console.log(`  ${file.padEnd(25)} ${tokens.toLocaleString().padStart(8)} tokens (${percent}%)`);
+    for (const [file, tokens] of sortedBreakdown) {
+      if (tokens > 0) {
+        const percent = Math.round((tokens / health.currentTokens) * 100);
+        console.log(`  ${file.padEnd(25)} ${tokens.toLocaleString().padStart(8)} tokens (${percent}%)`);
+      }
     }
+    console.log('');
+  } else if (health.trackingSource === 'native') {
+    console.log(color('dim', '(Native tracking - breakdown not available)'));
+    console.log('');
   }
-  console.log('');
 
   // Thresholds
   console.log(color('dim', `Thresholds: warn=${Math.round(health.thresholds.warn * 100)}%, critical=${Math.round(health.thresholds.critical * 100)}%`));
@@ -374,11 +498,16 @@ module.exports = {
   checkContextHealth,
   getContextMonitorConfig,
 
+  // Native tracking
+  getNativeContextInfo,
+  writeNativeContextInfo,
+
   // Warnings
   warnIfContextHigh,
   showContextBreakdown,
   getStatusLine,
 
   // Constants
-  DEFAULTS
+  DEFAULTS,
+  NATIVE_CONTEXT_FILE
 };

package/scripts/flow-damage-control.js

@@ -8,6 +8,10 @@
  *
  * Inspired by Hookify plugin patterns, adapted for multi-CLI compatibility.
  *
+ * LIMITATION: The 'prompt' event type's AI analysis hook is not yet implemented.
+ * Currently returns 'allow' for all prompts. See evaluatePromptWithAI() around line 734.
+ * TODO: Integrate with an AI API for prompt safety evaluation.
+ *
  * Usage:
  *   flow damage-control check "<command>"   Check if command is allowed
  *   flow damage-control event <type> <ctx>  Check event against rules
@@ -368,7 +372,7 @@ function loadPatterns() {
     parsed.rules = parsed.rules || [];
     return parsed;
   } catch (err) {
-    console.error(console.error('Error loading damage-control.yaml:', err.message));
+    console.error('Error loading damage-control.yaml:', err.message);
     return {
       rules: [],
       blocked: [],

package/scripts/flow-export-profile

@@ -26,7 +26,13 @@ show_help() {
     echo "  --rules          Include .claude/rules/ and decisions.md"
     echo "  --learnings      Include feedback-patterns.md and skill learnings"
     echo "  --templates      Include sanitized project.md and roadmap templates"
-    echo "  --full           Include everything (all categories)"
+    echo "  --full           Include everything (all categories + patterns)"
+    echo ""
+    echo "Pattern Extraction (NEW):"
+    echo "  --extract-patterns    Scan codebase and extract patterns"
+    echo "  --resolve-conflicts   Interactive conflict resolution (with --extract-patterns)"
+    echo "  --analysis-mode MODE  Analysis depth: balanced (default), deep"
+    echo "  --include-examples    Include code snippets as examples"
     echo ""
     echo "Legacy options:"
     echo "  --include-decisions    Include decisions.md only"
@@ -34,6 +40,7 @@ show_help() {
     echo ""
     echo "Examples:"
     echo "  flow export-profile my-team --full"
+    echo "  flow export-profile my-team --extract-patterns --resolve-conflicts"
     echo "  flow export-profile my-team --rules --learnings"
     echo "  flow export-profile my-team --include-decisions"
 }
@@ -46,12 +53,56 @@ fi
 PROFILE_NAME="$1"
 shift
 
+# Validate profile name to prevent path traversal
+if ! [[ "$PROFILE_NAME" =~ ^[a-zA-Z0-9_-]+$ ]]; then
+    echo -e "${RED}Error: Invalid profile name. Use only letters, numbers, underscores, and hyphens.${NC}"
+    exit 1
+fi
+
+# Safe JSON reading function (prevents code injection by using process.argv)
+safe_read_json() {
+    local file="$1"
+    local query="$2"
+    node -e '
+        const fs = require("fs");
+        const file = process.argv[1];
+        const query = process.argv[2];
+        try {
+            const content = fs.readFileSync(file, "utf-8");
+            // Check for prototype pollution attempts
+            if (/__proto__|constructor\s*["'"'"'`:]|prototype\s*["'"'"'`:]/i.test(content)) {
+                console.error("Suspicious content detected");
+                process.exit(1);
+            }
+            const p = JSON.parse(content);
+            // Safe property access based on query type
+            if (query === "conflicts.length") {
+                console.log(p.conflicts ? p.conflicts.length : 0);
+            } else if (query === "conflicts.json") {
+                console.log(JSON.stringify(p.conflicts, null, 2));
+            } else if (query === "recommendations.json") {
+                console.log(JSON.stringify(p.recommendations, null, 2));
+            } else {
+                console.error("Unknown query: " + query);
+                process.exit(1);
+            }
+        } catch(e) {
+            console.error(e.message);
+            process.exit(1);
+        }
+    ' -- "$file" "$query" 2>/dev/null
+}
+
 # Parse options
 INCLUDE_DECISIONS=false
 INCLUDE_APP_MAP=false
 INCLUDE_RULES=false
 INCLUDE_LEARNINGS=false
 INCLUDE_TEMPLATES=false
+EXTRACT_PATTERNS=false
+RESOLVE_CONFLICTS=false
+ANALYSIS_MODE="balanced"
+INCLUDE_EXAMPLES=false
 
 while [ $# -gt 0 ]; do
     case "$1" in
@@ -71,12 +122,26 @@ while [ $# -gt 0 ]; do
         --templates)
             INCLUDE_TEMPLATES=true
             ;;
+        --extract-patterns)
+            EXTRACT_PATTERNS=true
+            ;;
+        --resolve-conflicts)
+            RESOLVE_CONFLICTS=true
+            ;;
+        --analysis-mode)
+            shift
+            ANALYSIS_MODE="$1"
+            ;;
+        --include-examples)
+            INCLUDE_EXAMPLES=true
+            ;;
         --full)
             INCLUDE_DECISIONS=true
             INCLUDE_APP_MAP=true
             INCLUDE_RULES=true
             INCLUDE_LEARNINGS=true
             INCLUDE_TEMPLATES=true
+            EXTRACT_PATTERNS=true
             ;;
         *)
             echo -e "${RED}Unknown option: $1${NC}"
@@ -86,6 +151,9 @@ while [ $# -gt 0 ]; do
     shift
 done
 
+# Determine scripts directory
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
 # Create profiles directory
 mkdir -p "$PROFILES_DIR"
 
@@ -278,6 +346,105 @@ ROADMAP_EOF
     fi
 fi
 
+# ==========================================
+# PATTERN EXTRACTION (NEW)
+# ==========================================
+if [ "$EXTRACT_PATTERNS" = true ]; then
+    echo ""
+    echo -e "${YELLOW}Pattern Extraction:${NC}"
+
+    mkdir -p "$PROFILE_DIR/.workflow/extracted"
+
+    # Build extractor options
+    EXTRACTOR_OPTS="--format json --with-conflicts --analysis-mode $ANALYSIS_MODE"
+
+    # Run pattern extraction
+    echo -e "  ${DIM}Scanning codebase for patterns...${NC}"
+    PATTERNS_OUTPUT="$PROFILE_DIR/.workflow/extracted/patterns.json"
+
+    if node "$SCRIPT_DIR/flow-pattern-extractor.js" $EXTRACTOR_OPTS --output "$PATTERNS_OUTPUT" 2>/dev/null; then
+        echo -e "  ${GREEN}✓${NC} patterns.json"
+        CONTENTS="$CONTENTS\n- .workflow/extracted/patterns.json (extracted patterns)"
+
+        # Check for conflicts (using safe JSON parsing instead of require())
+        CONFLICT_COUNT=$(safe_read_json "$PATTERNS_OUTPUT" "conflicts.length" || echo "0")
+
+        if [ "$CONFLICT_COUNT" -gt 0 ]; then
+            echo -e "  ${YELLOW}!${NC} Found $CONFLICT_COUNT conflicts"
+
+            # Run conflict resolution if requested
+            if [ "$RESOLVE_CONFLICTS" = true ]; then
+                # Extract conflicts to temp file (using safe JSON parsing)
+                CONFLICTS_TEMP=$(mktemp)
+                safe_read_json "$PATTERNS_OUTPUT" "conflicts.json" > "$CONFLICTS_TEMP"
+
+                echo -e "  ${DIM}Launching conflict resolver...${NC}"
+
+                RESOLVED_OUTPUT="$PROFILE_DIR/.workflow/extracted/conflicts-resolved.json"
+                if node "$SCRIPT_DIR/flow-conflict-resolver.js" --input "$CONFLICTS_TEMP" --output "$RESOLVED_OUTPUT"; then
+                    echo -e "  ${GREEN}✓${NC} conflicts-resolved.json"
+                    CONTENTS="$CONTENTS\n- .workflow/extracted/conflicts-resolved.json (user resolutions)"
+                else
+                    echo -e "  ${YELLOW}!${NC} Conflict resolution skipped or cancelled"
+                fi
+
+                rm -f "$CONFLICTS_TEMP"
+            fi
+        else
+            echo -e "  ${GREEN}✓${NC} No conflicting patterns found"
+        fi
+
+        # Extract examples if requested
+        if [ "$INCLUDE_EXAMPLES" = true ]; then
+            mkdir -p "$PROFILE_DIR/.workflow/extracted/examples"
+
+            # Extract example snippets from patterns (using safe JSON parsing)
+            node -e "
+                const fs = require('fs');
+                const path = require('path');
+
+                try {
+                    const content = fs.readFileSync('$PATTERNS_OUTPUT', 'utf-8');
+                    // Check for prototype pollution attempts
+                    if (/__proto__|constructor\\s*[\"'\`:]|prototype\\s*[\"'\`:]/i.test(content)) {
+                        console.error('Suspicious content detected');
+                        process.exit(1);
+                    }
+                    const p = JSON.parse(content);
+
+                    let count = 0;
+                    for (const category in p.patterns) {
+                        for (const pattern of p.patterns[category] || []) {
+                            if (pattern.examples && pattern.examples.length > 0) {
+                                const filename = pattern.subcategory.replace(/\\./g, '-') + '.txt';
+                                const fileContent = pattern.name + '\\n' + '='.repeat(40) + '\\n\\n' +
+                                    pattern.examples.slice(0, 5).join('\\n');
+                                fs.writeFileSync(
+                                    path.join('$PROFILE_DIR/.workflow/extracted/examples', filename),
+                                    fileContent
+                                );
+                                count++;
+                            }
+                        }
+                    }
+                    console.log(count);
+                } catch(e) {
+                    console.error(e.message);
+                    process.exit(1);
+                }
+            " 2>/dev/null || true
+
+            EXAMPLE_COUNT=$(ls "$PROFILE_DIR/.workflow/extracted/examples/"*.txt 2>/dev/null | wc -l | tr -d ' ')
+            if [ "$EXAMPLE_COUNT" -gt 0 ]; then
+                echo -e "  ${GREEN}✓${NC} examples/ ($EXAMPLE_COUNT pattern examples)"
+                CONTENTS="$CONTENTS\n- .workflow/extracted/examples/ (code snippets)"
+            fi
+        fi
+    else
+        echo -e "  ${RED}✗${NC} Pattern extraction failed (continuing without patterns)"
+    fi
+fi
+
 # ==========================================
 # Create profile info file
 # ==========================================