wogiflow 1.0.25 → 1.0.26

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wogiflow",
-  "version": "1.0.25",
+  "version": "1.0.26",
   "description": "AI-powered development workflow management system with multi-model support",
   "main": "lib/index.js",
   "bin": {

package/scripts/hooks/adapters/claude-code.js

@@ -21,6 +21,7 @@ const { PATHS } = require('../../flow-utils');
 const HOOK_TIMEOUTS = {
   SESSION_START: 10,      // Session initialization
   SETUP: 30,              // Project setup/onboarding
+  USER_PROMPT_SUBMIT: 5,  // Implementation gate check
   PRE_TOOL_USE: 5,        // Pre-edit checks (task gate, component check)
   POST_TOOL_USE: 60,      // Validation (linting, type checking)
   STOP: 5,                // Loop enforcement check
@@ -117,6 +118,8 @@ class ClaudeCodeAdapter extends BaseAdapter {
         return this.transformStop(coreResult);
       case 'SessionEnd':
         return this.transformSessionEnd(coreResult);
+      case 'UserPromptSubmit':
+        return this.transformUserPromptSubmit(coreResult);
       default:
         return { continue: true };
     }
@@ -321,6 +324,46 @@ Run: /wogi-start ${coreResult.nextTaskId}`;
     };
   }
 
+  /**
+   * Transform UserPromptSubmit result (implementation gate)
+   */
+  transformUserPromptSubmit(coreResult) {
+    // Blocked - prevent prompt processing with clear message
+    if (coreResult.blocked) {
+      return {
+        continue: false, // Block the prompt
+        systemMessage: coreResult.message || 'Implementation request blocked by Wogi Flow',
+        hookSpecificOutput: {
+          hookEventName: 'UserPromptSubmit',
+          decision: 'block',
+          reason: coreResult.reason,
+          suggestedAction: coreResult.suggestedAction
+        }
+      };
+    }
+
+    // Warning - allow but show message
+    if (coreResult.message && !coreResult.blocked) {
+      return {
+        continue: true,
+        systemMessage: coreResult.message,
+        hookSpecificOutput: {
+          hookEventName: 'UserPromptSubmit',
+          decision: 'warn',
+          reason: coreResult.reason
+        }
+      };
+    }
+
+    // Allowed
+    return {
+      continue: true,
+      hookSpecificOutput: {
+        hookEventName: 'UserPromptSubmit'
+      }
+    };
+  }
+
   /**
    * Generate Claude Code hook configuration
    */
@@ -350,12 +393,24 @@ Run: /wogi-start ${coreResult.nextTaskId}`;
       }];
     }
 
-    // PreToolUse hooks for Edit/Write
+    // UserPromptSubmit hook (implementation gate)
+    if (rules.implementationGate?.enabled !== false) {
+      hooks.UserPromptSubmit = [{
+        hooks: [{
+          type: 'command',
+          command: `node "${path.join(scriptsDir, 'user-prompt-submit.js')}"`,
+          timeout: HOOK_TIMEOUTS.USER_PROMPT_SUBMIT
+        }]
+      }];
+    }
+
+    // PreToolUse hooks for Edit/Write/TodoWrite
     const preToolUseMatchers = [];
 
-    if (rules.taskGating?.enabled !== false) {
+    // Task gating for Edit/Write + TodoWrite gating
+    if (rules.taskGating?.enabled !== false || rules.todoWriteGate?.enabled !== false) {
       preToolUseMatchers.push({
-        matcher: 'Edit|Write',
+        matcher: 'Edit|Write|TodoWrite',
         hooks: [{
           type: 'command',
           command: `node "${path.join(scriptsDir, 'pre-tool-use.js')}"`,

package/scripts/hooks/core/implementation-gate.js

@@ -0,0 +1,337 @@
+#!/usr/bin/env node
+
+/**
+ * Wogi Flow - Implementation Gate (Core Module)
+ *
+ * Detects implementation requests from user prompts and blocks them
+ * if no active task exists. Guides users to /wogi-story or /wogi-start.
+ *
+ * Returns a standardized result that adapters transform for specific CLIs.
+ */
+
+const { getConfig } = require('../../flow-utils');
+const { getActiveTask } = require('./task-gate');
+
+/**
+ * Patterns that indicate an implementation request
+ * These should trigger the gate when no task is active
+ */
+// Maximum prompt length to process (prevent DoS)
+const MAX_PROMPT_LENGTH = 10000;
+
+const IMPLEMENTATION_PATTERNS = [
+  // Direct action verbs (bounded character classes to prevent ReDoS)
+  /\b(add|create|build|implement|make|write)\s+(a\s+)?[\w\s]{1,100}/i,
+  /\b(fix|repair|resolve|patch)\s+[\w\s]{0,50}(bug|issue|error|problem)/i,
+  /\b(fix|repair|resolve|patch)\s+(the\s+)?[\w]{1,50}/i,
+  /\b(update|modify|change|edit|refactor)\s+(the\s+)?[\w\s]{1,100}/i,
+  /\b(remove|delete|drop)\s+(the\s+)?[\w\s]{1,100}/i,
+  /\b(integrate|connect|hook\s+up)\s+[\w\s]{1,100}/i,
+
+  // Feature/component creation
+  /\b(new\s+)?(feature|component|module|service|hook|util)/i,
+  // Bounded pattern to prevent ReDoS (was: /\badd\s+.*\s+(to|into|for)\s+/i)
+  /\badd\s+[\w\s]{1,100}\s+(to|into|for)\s+/i,
+
+  // Task-like requests
+  /\bwe\s+need\s+(to\s+)?/i,
+  /\bshould\s+(add|create|implement|fix)/i,
+  /\blet'?s\s+(add|create|implement|fix|build)/i,
+  /\bcan\s+you\s+(add|create|implement|fix|build)/i,
+  /\bplease\s+(add|create|implement|fix|build)/i,
+
+  // Specific requests (bounded to prevent ReDoS - was using .*)
+  /\bmake\s+[\w\s]{1,100}\s+work/i,
+  /\bget\s+[\w\s]{1,100}\s+working/i,
+  /\bset\s+up\s+/i
+];
+
+/**
+ * Patterns that indicate exploration/questions (NOT implementation)
+ * These should NOT trigger the gate
+ */
+const EXPLORATION_PATTERNS = [
+  /\bwhat\s+(does|is|are|do)\b/i,
+  /\bhow\s+(does|do|can|to|would)\b/i,
+  /\bwhy\s+(does|do|is|are)\b/i,
+  /\bwhere\s+(is|are|do|does|can)\b/i,
+  /\bshow\s+me\b/i,
+  /\bexplain\b/i,
+  /\bdescribe\b/i,
+  /\blist\s+(all|the)\b/i,
+  /\bfind\s+(all|the|where)\b/i,
+  /\bsearch\s+(for|the)\b/i,
+  /\bread\s+(the|this)\b/i,
+  /\blook\s+(at|for|into)\b/i,
+  /\bunderstand\b/i,
+  /\banalyze\b/i,
+  /\breview\s+(the|this|my)/i,
+  /\bcheck\s+(if|whether|the)/i,
+  /\bcan\s+(claude|you)\s+(access|read|see)/i
+];
+
+/**
+ * WogiFlow command patterns that should always be allowed
+ */
+const WOGI_COMMAND_PATTERNS = [
+  /^\s*\/wogi-/i,
+  /^\s*\/flow\s+/i,
+  /\brun\s+(\/)?wogi-/i
+];
+
+/**
+ * Check if implementation gate should be enforced
+ * @returns {boolean}
+ */
+function isImplementationGateEnabled() {
+  const config = getConfig();
+
+  // Check hooks config first
+  if (config.hooks?.rules?.implementationGate?.enabled === false) {
+    return false;
+  }
+
+  // Fall back to enforcement config
+  if (config.enforcement?.strictMode === false) {
+    return false;
+  }
+
+  return true;
+}
+
+/**
+ * Check if soft mode is enabled (warn instead of block)
+ * @returns {boolean}
+ */
+function isSoftModeEnabled() {
+  const config = getConfig();
+  return config.hooks?.rules?.implementationGate?.softMode === true ||
+         config.enforcement?.softMode === true;
+}
+
+/**
+ * Detect if prompt is a WogiFlow command (always allowed)
+ * @param {string} prompt
+ * @returns {boolean}
+ */
+function isWogiCommand(prompt) {
+  if (!prompt || typeof prompt !== 'string') return false;
+  return WOGI_COMMAND_PATTERNS.some(pattern => pattern.test(prompt));
+}
+
+/**
+ * Detect if prompt is primarily exploratory (questions, reading)
+ * @param {string} prompt
+ * @returns {boolean}
+ */
+function isExplorationRequest(prompt) {
+  if (!prompt || typeof prompt !== 'string') return false;
+
+  // Check if it matches exploration patterns
+  const matchesExploration = EXPLORATION_PATTERNS.some(pattern => pattern.test(prompt));
+
+  // Short prompts that are questions are exploratory
+  const isQuestion = prompt.trim().endsWith('?') && prompt.length < 200;
+
+  return matchesExploration || isQuestion;
+}
+
+/**
+ * Detect if prompt contains implementation intent
+ * @param {string} prompt
+ * @returns {{isImplementation: boolean, confidence: string, matches: string[]}}
+ */
+function detectImplementationIntent(prompt) {
+  if (!prompt || typeof prompt !== 'string') {
+    return { isImplementation: false, confidence: 'low', matches: [] };
+  }
+
+  const matches = [];
+
+  for (const pattern of IMPLEMENTATION_PATTERNS) {
+    const match = prompt.match(pattern);
+    if (match) {
+      matches.push(match[0]);
+    }
+  }
+
+  if (matches.length === 0) {
+    return { isImplementation: false, confidence: 'low', matches: [] };
+  }
+
+  // Determine confidence based on number and quality of matches
+  let confidence = 'low';
+  if (matches.length >= 3) {
+    confidence = 'high';
+  } else if (matches.length >= 1) {
+    // Check for strong signals
+    const hasStrongSignal = matches.some(m =>
+      /\b(add|create|implement|fix|build)\b/i.test(m)
+    );
+    confidence = hasStrongSignal ? 'high' : 'medium';
+  }
+
+  return { isImplementation: true, confidence, matches };
+}
+
+/**
+ * Check implementation gate for a user prompt
+ *
+ * @param {Object} options
+ * @param {string} options.prompt - User's input prompt
+ * @param {string} [options.source] - Source of prompt (manual, paste, etc.)
+ * @returns {Object} Result: { allowed, blocked, message, reason, confidence, suggestedAction }
+ */
+function checkImplementationGate(options = {}) {
+  const { prompt, source: _source } = options;
+
+  // Empty or invalid prompt - allow
+  if (!prompt || typeof prompt !== 'string' || prompt.trim().length === 0) {
+    return {
+      allowed: true,
+      blocked: false,
+      message: null,
+      reason: 'empty_prompt'
+    };
+  }
+
+  // Truncate overly long prompts to prevent DoS via regex processing
+  const processedPrompt = prompt.length > MAX_PROMPT_LENGTH
+    ? prompt.slice(0, MAX_PROMPT_LENGTH)
+    : prompt;
+
+  // WogiFlow commands always allowed (check original prompt for commands)
+  if (isWogiCommand(prompt)) {
+    return {
+      allowed: true,
+      blocked: false,
+      message: null,
+      reason: 'wogi_command'
+    };
+  }
+
+  // Check if gate is enabled
+  if (!isImplementationGateEnabled()) {
+    return {
+      allowed: true,
+      blocked: false,
+      message: null,
+      reason: 'gate_disabled'
+    };
+  }
+
+  // Exploration requests always allowed (use truncated prompt for safety)
+  if (isExplorationRequest(processedPrompt)) {
+    return {
+      allowed: true,
+      blocked: false,
+      message: null,
+      reason: 'exploration_request'
+    };
+  }
+
+  // Check for implementation intent (use truncated prompt for safety)
+  const { isImplementation, confidence, matches } = detectImplementationIntent(processedPrompt);
+
+  if (!isImplementation) {
+    return {
+      allowed: true,
+      blocked: false,
+      message: null,
+      reason: 'no_implementation_intent'
+    };
+  }
+
+  // Has implementation intent - check for active task
+  const activeTask = getActiveTask();
+
+  if (activeTask) {
+    return {
+      allowed: true,
+      blocked: false,
+      message: null,
+      task: activeTask,
+      reason: 'task_active',
+      confidence,
+      matches
+    };
+  }
+
+  // No active task and implementation intent detected
+  const softMode = isSoftModeEnabled();
+
+  if (softMode) {
+    return {
+      allowed: true,
+      blocked: false,
+      message: generateWarningMessage(prompt, confidence, matches),
+      reason: 'warn_only',
+      confidence,
+      suggestedAction: 'create-story',
+      matches
+    };
+  }
+
+  // Hard block
+  return {
+    allowed: false,
+    blocked: true,
+    message: generateBlockMessage(prompt, confidence, matches),
+    reason: 'no_active_task',
+    confidence,
+    suggestedAction: 'create-story',
+    matches
+  };
+}
+
+/**
+ * Generate warning message (soft mode)
+ */
+function generateWarningMessage(prompt, confidence, matches) {
+  const truncatedPrompt = prompt.length > 100 ? prompt.slice(0, 100) + '...' : prompt;
+  return `Warning: Implementation request detected (${confidence} confidence), but no WogiFlow task is active.
+
+Detected: ${matches.slice(0, 3).join(', ')}
+
+Consider using:
+- /wogi-ready to see available tasks
+- /wogi-start wf-XXXXXXXX to start an existing task
+- /wogi-story "${truncatedPrompt}" to create a new task`;
+}
+
+/**
+ * Generate block message (hard mode)
+ */
+function generateBlockMessage(prompt, confidence, matches) {
+  const truncatedPrompt = prompt.length > 80 ? prompt.slice(0, 80) + '...' : prompt;
+
+  return `BLOCKED: Implementation request detected, but no WogiFlow task is active.
+
+Detected implementation intent (${confidence} confidence):
+${matches.slice(0, 3).map(m => `  - "${m}"`).join('\n')}
+
+To proceed, use the WogiFlow workflow:
+1. /wogi-ready - see available tasks
+2. /wogi-start wf-XXXXXXXX - start an existing task
+3. /wogi-story "${truncatedPrompt}" - create a new task
+
+Why? WogiFlow ensures nothing gets missed:
+- Acceptance criteria are tracked
+- Changes are logged
+- Quality gates are enforced
+
+Copy your request and use: /wogi-story "your request"`;
+}
+
+module.exports = {
+  isImplementationGateEnabled,
+  isSoftModeEnabled,
+  isWogiCommand,
+  isExplorationRequest,
+  detectImplementationIntent,
+  checkImplementationGate,
+  generateWarningMessage,
+  generateBlockMessage,
+  IMPLEMENTATION_PATTERNS,
+  EXPLORATION_PATTERNS
+};

package/scripts/hooks/core/index.js

@@ -13,6 +13,8 @@ const componentCheck = require('./component-check');
 const sessionContext = require('./session-context');
 const setupCheck = require('./setup-check');
 const setupHandler = require('./setup-handler');
+const implementationGate = require('./implementation-gate');
+const todoWriteGate = require('./todowrite-gate');
 
 module.exports = {
   // Task Gating
@@ -41,5 +43,13 @@ module.exports = {
 
   // Setup Handler (Claude Code 2.1.10+)
   ...setupHandler,
-  setupHandler
+  setupHandler,
+
+  // Implementation Gate (blocks implementation requests without active task)
+  ...implementationGate,
+  implementationGate,
+
+  // TodoWrite Gate (blocks implementation todos without active task)
+  ...todoWriteGate,
+  todoWriteGate
 };

package/scripts/hooks/core/todowrite-gate.js

@@ -0,0 +1,349 @@
+#!/usr/bin/env node
+
+/**
+ * Wogi Flow - TodoWrite Gate (Core Module)
+ *
+ * Distinguishes between implementation todos and workflow tracking todos.
+ * Blocks implementation todos when no active task exists.
+ *
+ * Implementation todos: "Create X component", "Add Y feature"
+ * Tracking todos: "Run tests", "Update request-log", "Commit changes"
+ *
+ * Returns a standardized result that adapters transform for specific CLIs.
+ */
+
+const { getConfig } = require('../../flow-utils');
+const { getActiveTask } = require('./task-gate');
+
+/**
+ * Patterns that indicate an implementation todo (should require active task)
+ */
+const IMPLEMENTATION_TODO_PATTERNS = [
+  // Creation patterns
+  /^(create|add|build|implement|make|write)\s+/i,
+  /^(new|design)\s+/i,
+
+  // Modification patterns
+  /^(fix|update|modify|change|edit|refactor)\s+/i,
+  /^(remove|delete|drop)\s+/i,
+
+  // Integration patterns
+  /^(integrate|connect|hook\s+up|wire\s+up)\s+/i,
+
+  // Component-specific
+  /\b(component|module|service|hook|util|function|class|interface)\b/i,
+
+  // Feature patterns
+  /\b(feature|functionality|capability)\b/i,
+
+  // File operation patterns that imply creation
+  /\b(file|page|screen|view|route)\b.*\b(for|to)\b/i
+];
+
+/**
+ * Patterns that indicate a workflow tracking todo (always allowed)
+ * These are WogiFlow workflow steps, not implementation
+ */
+const TRACKING_TODO_PATTERNS = [
+  // Testing and validation
+  /^run\s+(tests?|lint|typecheck|build|check)/i,
+  /^(test|verify|validate|check)\s+/i,
+  /^(execute|perform)\s+(tests?|validation)/i,
+
+  // Logging and documentation
+  /^update\s+(request-?log|app-?map|decision|progress)/i,
+  /^(log|record|document)\s+/i,
+  /^add\s+(to\s+)?(log|entry|record)/i,
+
+  // Version control
+  /^(commit|push|pull|merge|rebase)/i,
+  /^(stage|unstage|stash)/i,
+  /^git\s+/i,
+
+  // Review and cleanup
+  /^review\s+(changes?|code|implementation)/i,
+  /^clean\s+up/i,
+  /^(finalize|complete|finish)\s+(task|work)/i,
+
+  // WogiFlow specific
+  /^(mark|set)\s+(as\s+)?(complete|done|finished)/i,
+  /^close\s+(task|issue)/i,
+  /^(update|sync)\s+(state|status)/i,
+
+  // Reading/checking (non-modifying)
+  /^(read|check|look\s+at|review|inspect)\s+/i,
+  /^(verify|confirm|ensure)\s+/i,
+
+  // Quality gates
+  /^(pass|run)\s+(quality|lint|type)\s*(gate|check)?/i
+];
+
+/**
+ * Explicit allowlist - these are ALWAYS allowed regardless of patterns
+ */
+const ALWAYS_ALLOWED_TODOS = [
+  'run tests',
+  'run lint',
+  'run typecheck',
+  'run build',
+  'run quality gates',
+  'update request-log',
+  'update request log',
+  'update app-map',
+  'update app map',
+  'update decisions',
+  'update progress',
+  'commit changes',
+  'push changes',
+  'commit and push',
+  'verify changes',
+  'review code',
+  'mark as complete',
+  'close task'
+];
+
+/**
+ * Check if TodoWrite gate should be enforced
+ * @returns {boolean}
+ */
+function isTodoWriteGateEnabled() {
+  const config = getConfig();
+
+  // Check hooks config first
+  if (config.hooks?.rules?.todoWriteGate?.enabled === false) {
+    return false;
+  }
+
+  // Fall back to enforcement config
+  if (config.enforcement?.strictMode === false) {
+    return false;
+  }
+
+  return true;
+}
+
+/**
+ * Check if a single todo item is a tracking todo (always allowed)
+ * @param {string} content - Todo content
+ * @returns {boolean}
+ */
+function isTrackingTodo(content) {
+  if (!content || typeof content !== 'string') return false;
+
+  const normalizedContent = content.toLowerCase().trim();
+
+  // Check explicit allowlist first
+  for (const allowed of ALWAYS_ALLOWED_TODOS) {
+    if (normalizedContent === allowed || normalizedContent.startsWith(allowed)) {
+      return true;
+    }
+  }
+
+  // Check tracking patterns
+  return TRACKING_TODO_PATTERNS.some(pattern => pattern.test(content));
+}
+
+/**
+ * Check if a single todo item is an implementation todo (requires active task)
+ * @param {string} content - Todo content
+ * @returns {boolean}
+ */
+function isImplementationTodo(content) {
+  if (!content || typeof content !== 'string') return false;
+
+  // If it's a tracking todo, it's NOT an implementation todo
+  if (isTrackingTodo(content)) {
+    return false;
+  }
+
+  // Check implementation patterns
+  return IMPLEMENTATION_TODO_PATTERNS.some(pattern => pattern.test(content));
+}
+
+/**
+ * Classify a todo item
+ * @param {Object} todo - Todo object with content and status
+ * @returns {{type: string, reason: string}}
+ */
+function classifyTodo(todo) {
+  if (!todo || !todo.content) {
+    return { type: 'unknown', reason: 'no_content' };
+  }
+
+  const content = todo.content;
+
+  // Completed todos are always allowed (just tracking completion)
+  if (todo.status === 'completed') {
+    return { type: 'tracking', reason: 'completed_status' };
+  }
+
+  // Check if tracking
+  if (isTrackingTodo(content)) {
+    return { type: 'tracking', reason: 'tracking_pattern' };
+  }
+
+  // Check if implementation
+  if (isImplementationTodo(content)) {
+    return { type: 'implementation', reason: 'implementation_pattern' };
+  }
+
+  // Default to allowed (unknown todos don't block)
+  return { type: 'unknown', reason: 'no_pattern_match' };
+}
+
+/**
+ * Check TodoWrite gate for a TodoWrite call
+ *
+ * @param {Object} options
+ * @param {Array} options.todos - Array of todo items [{content, status, activeForm}]
+ * @returns {Object} Result: { allowed, blocked, message, reason, implementationTodos, trackingTodos }
+ */
+function checkTodoWriteGate(options = {}) {
+  const { todos } = options;
+
+  // No todos - allow
+  if (!todos || !Array.isArray(todos) || todos.length === 0) {
+    return {
+      allowed: true,
+      blocked: false,
+      message: null,
+      reason: 'no_todos'
+    };
+  }
+
+  // Check if gate is enabled
+  if (!isTodoWriteGateEnabled()) {
+    return {
+      allowed: true,
+      blocked: false,
+      message: null,
+      reason: 'gate_disabled'
+    };
+  }
+
+  // Classify all todos
+  const implementationTodos = [];
+  const trackingTodos = [];
+  const unknownTodos = [];
+
+  for (const todo of todos) {
+    const classification = classifyTodo(todo);
+    if (classification.type === 'implementation') {
+      implementationTodos.push({ ...todo, classification });
+    } else if (classification.type === 'tracking') {
+      trackingTodos.push({ ...todo, classification });
+    } else {
+      unknownTodos.push({ ...todo, classification });
+    }
+  }
+
+  // If no implementation todos, allow
+  if (implementationTodos.length === 0) {
+    return {
+      allowed: true,
+      blocked: false,
+      message: null,
+      reason: 'no_implementation_todos',
+      trackingTodos: trackingTodos.map(t => t.content),
+      unknownTodos: unknownTodos.map(t => t.content)
+    };
+  }
+
+  // Has implementation todos - check for active task
+  const activeTask = getActiveTask();
+
+  if (activeTask) {
+    return {
+      allowed: true,
+      blocked: false,
+      message: null,
+      task: activeTask,
+      reason: 'task_active',
+      implementationTodos: implementationTodos.map(t => t.content),
+      trackingTodos: trackingTodos.map(t => t.content)
+    };
+  }
+
+  // No active task and has implementation todos - check if blocking is enabled
+  const config = getConfig();
+  // Default to blocking (true), only disable if explicitly set to false
+  const blockingEnabled = config.hooks?.rules?.todoWriteGate?.blockImplementationWithoutTask !== false;
+
+  if (blockingEnabled) {
+    // Hard block mode
+    return {
+      allowed: false,
+      blocked: true,
+      message: generateBlockMessage(implementationTodos, trackingTodos),
+      reason: 'no_active_task',
+      implementationTodos: implementationTodos.map(t => t.content),
+      trackingTodos: trackingTodos.map(t => t.content)
+    };
+  }
+
+  // Warn-only mode (blockImplementationWithoutTask explicitly set to false)
+  return {
+    allowed: true,
+    blocked: false,
+    message: generateWarningMessage(implementationTodos, trackingTodos),
+    reason: 'warn_only',
+    implementationTodos: implementationTodos.map(t => t.content),
+    trackingTodos: trackingTodos.map(t => t.content)
+  };
+}
+
+/**
+ * Generate warning message
+ */
+function generateWarningMessage(implementationTodos, trackingTodos) {
+  return `Warning: TodoWrite contains implementation tasks but no WogiFlow task is active.
+
+Implementation todos detected:
+${implementationTodos.slice(0, 5).map(t => `  - ${t.content}`).join('\n')}
+
+Consider using /wogi-story to create a proper task.
+
+Tracking todos (always allowed):
+${trackingTodos.length > 0 ? trackingTodos.slice(0, 3).map(t => `  - ${t.content}`).join('\n') : '  (none)'}`;
+}
+
+/**
+ * Generate block message
+ */
+function generateBlockMessage(implementationTodos, _trackingTodos) {
+  const implList = implementationTodos.slice(0, 5).map(t => `  - ${t.content}`).join('\n');
+
+  return `BLOCKED: TodoWrite contains implementation tasks but no WogiFlow task is active.
+
+Implementation todos detected:
+${implList}
+
+Use WogiFlow instead:
+1. /wogi-ready - see available tasks
+2. /wogi-start wf-XXXXXXXX - start an existing task
+3. /wogi-story "description" - create a new task with these items
+
+Tracking todos (always allowed):
+  - Run tests, Run lint, Run typecheck
+  - Update request-log, Update app-map
+  - Commit changes, Push changes
+  - Verify, Review, Mark as complete
+
+Why? WogiFlow ensures:
+- Acceptance criteria are tracked
+- Changes are logged
+- Quality gates are enforced`;
+}
+
+module.exports = {
+  isTodoWriteGateEnabled,
+  isTrackingTodo,
+  isImplementationTodo,
+  classifyTodo,
+  checkTodoWriteGate,
+  generateWarningMessage,
+  generateBlockMessage,
+  IMPLEMENTATION_TODO_PATTERNS,
+  TRACKING_TODO_PATTERNS,
+  ALWAYS_ALLOWED_TODOS
+};

package/scripts/hooks/entry/claude-code/pre-tool-use.js

@@ -3,23 +3,56 @@
 /**
  * Wogi Flow - Claude Code PreToolUse Hook
  *
- * Called before Edit/Write tool execution.
- * Enforces task gating and component reuse checking.
+ * Called before Edit/Write/TodoWrite tool execution.
+ * Enforces task gating, component reuse checking, and TodoWrite gating.
  */
 
 const { checkTaskGate } = require('../../core/task-gate');
 const { checkComponentReuse } = require('../../core/component-check');
+const { checkTodoWriteGate } = require('../../core/todowrite-gate');
 const { claudeCodeAdapter } = require('../../adapters/claude-code');
 
+// Maximum stdin size to prevent DoS (100KB should be enough for tool inputs)
+const MAX_STDIN_SIZE = 100 * 1024;
+
 async function main() {
   try {
-    // Read input from stdin
+    // Read input from stdin with size limit
     let inputData = '';
+    let totalSize = 0;
     for await (const chunk of process.stdin) {
+      totalSize += chunk.length;
+      if (totalSize > MAX_STDIN_SIZE) {
+        inputData += chunk.slice(0, MAX_STDIN_SIZE - (totalSize - chunk.length));
+        break;
+      }
       inputData += chunk;
     }
 
-    const input = inputData ? JSON.parse(inputData) : {};
+    // Handle empty input gracefully
+    if (!inputData || inputData.trim().length === 0) {
+      console.log(JSON.stringify({
+        continue: true,
+        hookSpecificOutput: { hookEventName: 'PreToolUse', permissionDecision: 'allow' }
+      }));
+      process.exit(0);
+      return;
+    }
+
+    // Parse JSON safely
+    let input;
+    try {
+      input = JSON.parse(inputData);
+    } catch (_parseErr) {
+      // Invalid JSON - allow through (graceful degradation)
+      console.log(JSON.stringify({
+        continue: true,
+        hookSpecificOutput: { hookEventName: 'PreToolUse', permissionDecision: 'allow' }
+      }));
+      process.exit(0);
+      return;
+    }
+
     const parsedInput = claudeCodeAdapter.parseInput(input);
 
     const toolName = parsedInput.toolName;
@@ -44,6 +77,20 @@ async function main() {
       }
     }
 
+    // TodoWrite gating check (for TodoWrite)
+    if (toolName === 'TodoWrite') {
+      const todos = toolInput.todos || [];
+      coreResult = checkTodoWriteGate({ todos });
+
+      // If blocked by TodoWrite gating, return early
+      if (coreResult.blocked) {
+        const output = claudeCodeAdapter.transformResult('PreToolUse', coreResult);
+        console.log(JSON.stringify(output));
+        process.exit(0);
+        return;
+      }
+    }
+
     // Component reuse check (for Write only)
     if (toolName === 'Write' && filePath) {
       const componentResult = checkComponentReuse({
@@ -70,9 +117,14 @@ async function main() {
     console.log(JSON.stringify(output));
     process.exit(0);
   } catch (err) {
-    // Non-blocking error - allow operation to continue
-    console.error(`[Wogi Flow Hook Error] ${err.message}`);
-    // Exit 0 with allow to not block on hook errors (graceful degradation)
+    // Non-blocking error - allow operation to continue (graceful degradation)
+    // Log generic message to avoid leaking sensitive path information
+    if (process.env.DEBUG) {
+      console.error(`[Wogi Flow Hook Error] ${err.message}`);
+    } else {
+      console.error('[Wogi Flow Hook] Validation error occurred');
+    }
+    // Exit 0 with allow to not block on hook errors
     console.log(JSON.stringify({
       continue: true,
       hookSpecificOutput: {

package/scripts/hooks/entry/claude-code/user-prompt-submit.js

@@ -0,0 +1,87 @@
+#!/usr/bin/env node
+
+/**
+ * Wogi Flow - Claude Code UserPromptSubmit Hook
+ *
+ * Called when user submits a prompt (before processing).
+ * Enforces implementation gate - blocks implementation requests without active task.
+ */
+
+const { checkImplementationGate } = require('../../core/implementation-gate');
+const { claudeCodeAdapter } = require('../../adapters/claude-code');
+
+// Maximum stdin size to prevent DoS (100KB should be more than enough for prompts)
+const MAX_STDIN_SIZE = 100 * 1024;
+
+async function main() {
+  try {
+    // Read input from stdin with size limit
+    let inputData = '';
+    let totalSize = 0;
+    for await (const chunk of process.stdin) {
+      totalSize += chunk.length;
+      if (totalSize > MAX_STDIN_SIZE) {
+        // Truncate at limit to prevent memory exhaustion
+        inputData += chunk.slice(0, MAX_STDIN_SIZE - (totalSize - chunk.length));
+        break;
+      }
+      inputData += chunk;
+    }
+
+    // Handle empty input gracefully
+    if (!inputData || inputData.trim().length === 0) {
+      console.log(JSON.stringify({ continue: true, hookSpecificOutput: { hookEventName: 'UserPromptSubmit' } }));
+      process.exit(0);
+      return;
+    }
+
+    // Parse JSON safely
+    let input;
+    try {
+      input = JSON.parse(inputData);
+    } catch (_parseErr) {
+      // Invalid JSON - allow through (graceful degradation)
+      console.log(JSON.stringify({ continue: true, hookSpecificOutput: { hookEventName: 'UserPromptSubmit' } }));
+      process.exit(0);
+      return;
+    }
+
+    const parsedInput = claudeCodeAdapter.parseInput(input);
+
+    const prompt = parsedInput.prompt;
+    const source = parsedInput.source;
+
+    // Check implementation gate
+    const coreResult = checkImplementationGate({
+      prompt,
+      source
+    });
+
+    // Transform to Claude Code format
+    const output = claudeCodeAdapter.transformResult('UserPromptSubmit', coreResult);
+
+    // Output JSON
+    console.log(JSON.stringify(output));
+    process.exit(0);
+  } catch (err) {
+    // Non-blocking error - allow prompt to continue (graceful degradation)
+    // Log generic message to avoid leaking sensitive path information
+    if (process.env.DEBUG) {
+      console.error(`[Wogi Flow Hook Error] ${err.message}`);
+    } else {
+      console.error('[Wogi Flow Hook] Validation error occurred');
+    }
+    // Exit 0 with continue:true to not block on hook errors
+    console.log(JSON.stringify({
+      continue: true,
+      hookSpecificOutput: {
+        hookEventName: 'UserPromptSubmit'
+      }
+    }));
+    process.exit(0);
+  }
+}
+
+// Handle stdin properly
+process.stdin.setEncoding('utf8');
+main();