wogiflow 1.1.4 → 1.1.6

package/.claude/rules/security/security-patterns.md

@@ -141,3 +141,36 @@ execFileSync('sg', ['--pattern', pattern, '--lang', lang, '--json', path]);
 - Prefer `execFile`/`execFileSync` with array arguments over `exec`/`execSync` with template strings
 - When using template strings, escape all user-controlled values
 - Never interpolate user input directly into shell commands
+
+## 9. Temp Directory Isolation (Claude Code 2.1.23+)
+
+On shared systems (CI servers, multi-user machines), use per-user temp directories to prevent permission conflicts.
+
+**Fixed in Claude Code 2.1.23**: Per-user temp directory isolation prevents permission conflicts.
+
+```javascript
+// Good - per-user isolation
+const userId = process.getuid?.() ?? process.env.USER ?? process.env.USERNAME ?? 'default';
+const tempDir = path.join(os.tmpdir(), `myapp-${userId}`);
+
+// Bad - global temp path on shared systems
+const tempDir = path.join(os.tmpdir(), 'myapp');
+```
+
+**Best practices:**
+- Use UID on Unix systems (`process.getuid()`)
+- Fall back to username environment variables on Windows
+- Always provide a 'default' fallback for edge cases
+- This pattern is used in `flow-worktree.js` for worktree isolation
+
+## 10. Search/Grep Timeout Handling (Claude Code 2.1.23+)
+
+**Fixed in Claude Code 2.1.23**: Ripgrep search timeouts now report errors instead of silently returning empty results.
+
+**Impact on WogiFlow:** Component detection, auto-context loading, and pattern matching rely on search operations. Before 2.1.23, search timeouts could cause false negatives.
+
+**Best practices:**
+- Handle empty search results gracefully - they may indicate timeout
+- Add retry logic for search-dependent operations
+- Log warnings when searches return unexpectedly empty
+- Consider fallback strategies (glob-based search if grep fails)

package/.workflow/bridges/base-bridge.js

@@ -590,13 +590,18 @@ class BaseBridge {
    * @returns {string} Content with conditionals evaluated
    */
   processConditionals(content, config) {
-    const ifRegex = /\{\{#if\s+([^}]+)\}\}([\s\S]*?)\{\{\/if\}\}/g;
+    // Match INNERMOST conditionals first - those with no nested {{#if}} in body
+    // The negative lookahead (?!{{#if) ensures body contains no nested conditionals
+    const innerIfRegex = /\{\{#if\s+([^}]+)\}\}((?:(?!\{\{#if)[\s\S])*?)\{\{\/if\}\}/g;
 
     let lastContent;
+    let iterations = 0;
+    const maxIterations = 100; // Safety limit for deeply nested templates
+
     // Keep processing until no more changes (handles nested conditions)
     do {
       lastContent = content;
-      content = content.replace(ifRegex, (match, condition, body) => {
+      content = content.replace(innerIfRegex, (match, condition, body) => {
         let value;
         if (condition.startsWith('config.')) {
           value = this.getNestedValue(config, condition.replace('config.', ''));
@@ -607,7 +612,12 @@ class BaseBridge {
         }
         return value ? body : '';
       });
-    } while (content !== lastContent);
+      iterations++;
+    } while (content !== lastContent && iterations < maxIterations);
+
+    if (iterations >= maxIterations) {
+      this.log('Warning: Max iterations reached in processConditionals - possible malformed template');
+    }
 
     return content;
   }

package/.workflow/bridges/claude-bridge.js

@@ -419,7 +419,7 @@ Last synced: ${new Date().toISOString()}
       }
     }
 
-    return {
+    const settings = {
       permissions: {
         allow: wildcardPermissions,
       },
@@ -428,6 +428,20 @@ Last synced: ${new Date().toISOString()}
       _wogiFlowVersion: '2.0.0',
       _generatedAt: new Date().toISOString(),
     };
+
+    // Add spinnerVerbs if configured (requires Claude Code 2.1.23+)
+    const spinnerVerbs = config.hooks?.claudeCode?.spinnerVerbs;
+    if (Array.isArray(spinnerVerbs) && spinnerVerbs.length > 0) {
+      settings.spinnerVerbs = spinnerVerbs;
+    }
+
+    // Add spinnerTipsEnabled if explicitly set (default is true in Claude Code)
+    const spinnerTipsEnabled = config.hooks?.claudeCode?.spinnerTipsEnabled;
+    if (spinnerTipsEnabled === false) {
+      settings.spinnerTipsEnabled = false;
+    }
+
+    return settings;
   }
 
   /**
@@ -448,7 +462,7 @@ Last synced: ${new Date().toISOString()}
 
     const newSettings = this.generateSettings(config);
 
-    // Merge: keep existing hooks, use new permissions
+    // Merge: keep existing hooks, use new permissions and spinner settings
     const mergedSettings = {
       permissions: newSettings.permissions,
       respectGitignore: newSettings.respectGitignore,
@@ -458,6 +472,16 @@ Last synced: ${new Date().toISOString()}
       _generatedAt: newSettings._generatedAt,
     };
 
+    // Include spinnerVerbs if configured
+    if (newSettings.spinnerVerbs) {
+      mergedSettings.spinnerVerbs = newSettings.spinnerVerbs;
+    }
+
+    // Include spinnerTipsEnabled if explicitly disabled
+    if (newSettings.spinnerTipsEnabled === false) {
+      mergedSettings.spinnerTipsEnabled = false;
+    }
+
     fs.writeFileSync(settingsPath, JSON.stringify(mergedSettings, null, 2));
     this.log(`Synced settings.local.json with wildcard permissions (${newSettings.permissions.allow.length} rules)`);
 

package/.workflow/templates/claude-md.hbs

@@ -538,6 +538,38 @@ When corrected:
 - Individual records stored in `.workflow/corrections/` for searchable history
 - Aggregated patterns in `feedback-patterns.md` for AI context
 
+### Repeated Issue Detection (CRITICAL)
+
+**When you detect user frustration about a repeated issue, you MUST act immediately.**
+
+The user may express this in many ways:
+- "This keeps happening"
+- "I told you this before"
+- "You keep forgetting X"
+- "This failed again"
+- "How many times do I have to tell you"
+- Any indication of a recurring problem or previous instruction being ignored
+
+**Required response:**
+
+1. **Acknowledge** - Don't be defensive. The user's frustration is valid.
+
+2. **Investigate root cause** - Don't just fix the symptom:
+   - Why did this happen multiple times?
+   - What instruction or rule was missing?
+   - Check `decisions.md` and `feedback-patterns.md` for related issues
+
+3. **Persist the fix to `decisions.md`** - This is MANDATORY:
+   - Add a clear rule that prevents recurrence
+   - Include context about why it matters
+   - Add verification steps if applicable
+
+4. **Record in `feedback-patterns.md`** - Track the pattern with count and mark as promoted
+
+5. **Verify the fix** - Don't just write the rule; test that it works
+
+**Why this matters**: The user installed WogiFlow expecting an AI that learns and improves. Repeating the same mistakes breaks trust. Every repeated failure is a failure of the learning system itself.
+
 ### Improvement Placement
 
 Before implementing, determine scope:

package/README.md

@@ -19,14 +19,16 @@ npx flow bridge sync
 
 WogiFlow works with 6 AI coding CLIs. Use whichever you prefer - the workflow state is shared.
 
-| CLI | Enforcement | Rules File | Guide |
-|-----|-------------|------------|-------|
-| **Claude Code** | Hard (hooks) | `CLAUDE.md` | [Guide](.workflow/docs/cli-guides/claude-code.md) |
-| **Gemini CLI** | Hard (hooks) | `GEMINI.md` | [Guide](.workflow/docs/cli-guides/gemini-cli.md) |
-| **Cursor** | Mixed | `.cursor/rules/wogiflow.mdc` | [Guide](.workflow/docs/cli-guides/cursor.md) |
-| **OpenCode** | Hard (plugins) | `AGENTS.md` | [Guide](.workflow/docs/cli-guides/opencode.md) |
-| **Codex** | Soft (rules) | `AGENTS.md` | [Guide](.workflow/docs/cli-guides/codex.md) |
-| **Kimi** | Soft (rules) | `AGENTS.md` | [Guide](.workflow/docs/cli-guides/kimi.md) |
+| CLI | Enforcement | Rules File | Min Version | Guide |
+|-----|-------------|------------|-------------|-------|
+| **Claude Code** | Hard (hooks) | `CLAUDE.md` | **2.1.23+** | [Guide](.workflow/docs/cli-guides/claude-code.md) |
+| **Gemini CLI** | Hard (hooks) | `GEMINI.md` | - | [Guide](.workflow/docs/cli-guides/gemini-cli.md) |
+| **Cursor** | Mixed | `.cursor/rules/wogiflow.mdc` | - | [Guide](.workflow/docs/cli-guides/cursor.md) |
+| **OpenCode** | Hard (plugins) | `AGENTS.md` | - | [Guide](.workflow/docs/cli-guides/opencode.md) |
+| **Codex** | Soft (rules) | `AGENTS.md` | - | [Guide](.workflow/docs/cli-guides/codex.md) |
+| **Kimi** | Soft (rules) | `AGENTS.md` | - | [Guide](.workflow/docs/cli-guides/kimi.md) |
+
+> **Claude Code 2.1.23+ Recommended**: Includes critical fixes for per-user temp directory isolation (shared systems), async hook cancellation, and ripgrep timeout reporting. Earlier versions may experience silent search failures.
 
 **Enforcement levels:**
 - **Hard**: Blocks operations before execution (best protection)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wogiflow",
-  "version": "1.1.4",
+  "version": "1.1.6",
   "description": "AI-powered development workflow management system with multi-model support",
   "main": "lib/index.js",
   "bin": {

package/scripts/flow-health.js

@@ -38,6 +38,39 @@ const {
   checkSpecMigration
 } = require('./flow-utils');
 
+const { execSync } = require('child_process');
+
+/**
+ * Check Claude Code version and compare against minimum recommended (2.1.23)
+ * @returns {{ version: string|null, meetsMinimum: boolean }}
+ */
+function checkClaudeCodeVersion() {
+  try {
+    const output = execSync('claude --version 2>/dev/null || echo ""', {
+      encoding: 'utf-8',
+      stdio: ['pipe', 'pipe', 'pipe']
+    }).trim();
+
+    // Parse version from output like "claude 2.1.23" or "Claude Code 2.1.23"
+    const match = output.match(/(\d+\.\d+\.\d+)/);
+    if (!match) {
+      return { version: null, meetsMinimum: true };
+    }
+
+    const version = match[1];
+    const [major, minor, patch] = version.split('.').map(Number);
+
+    // Minimum recommended: 2.1.23
+    const meetsMinimum = major > 2 ||
+      (major === 2 && minor > 1) ||
+      (major === 2 && minor === 1 && patch >= 23);
+
+    return { version, meetsMinimum };
+  } catch {
+    return { version: null, meetsMinimum: true };
+  }
+}
+
 function main() {
   console.log(color('cyan', 'Wogi Flow Health Check'));
   console.log('========================');
@@ -90,6 +123,20 @@ function main() {
     issues++;
   }
 
+  // Check Claude Code version (if applicable)
+  if (cliType === 'claude-code') {
+    const versionCheck = checkClaudeCodeVersion();
+    if (versionCheck.version) {
+      if (versionCheck.meetsMinimum) {
+        console.log(`  ${color('green', '✓')} Claude Code version: ${versionCheck.version}`);
+      } else {
+        console.log(`  ${color('yellow', '○')} Claude Code version: ${versionCheck.version} (2.1.23+ recommended)`);
+        console.log(`    ${color('dim', '→ Older versions may have silent search failures and shared system issues')}`);
+        warnings++;
+      }
+    }
+  }
+
   // Check required directories
   console.log('');
   printSection('Checking directories...');

package/scripts/flow-utils.js

@@ -3024,6 +3024,101 @@ function checkSpecMigration() {
   return needsMigration;
 }
 
+// ============================================================
+// Safe Search Utilities (Claude Code 2.1.23+ compatibility)
+// ============================================================
+
+/**
+ * Perform a safe grep search with proper timeout and error handling.
+ * Returns results and metadata about search status.
+ *
+ * Before Claude Code 2.1.23, ripgrep timeouts would silently return empty results.
+ * This utility provides explicit handling for timeouts and errors.
+ *
+ * @param {string} pattern - Search pattern
+ * @param {Object} options - Search options
+ * @param {string} [options.path] - Directory to search (default: PROJECT_ROOT)
+ * @param {string[]} [options.extensions] - File extensions to include (e.g., ['ts', 'tsx'])
+ * @param {number} [options.timeout] - Timeout in ms (default: 10000)
+ * @param {number} [options.maxResults] - Maximum results to return (default: 50)
+ * @param {boolean} [options.caseInsensitive] - Case insensitive search (default: true)
+ * @returns {{ results: string[], timedOut: boolean, error: string|null }}
+ */
+function safeGrepSearch(pattern, options = {}) {
+  const { spawnSync } = require('child_process');
+
+  const searchPath = options.path || PROJECT_ROOT;
+  const extensions = options.extensions || ['ts', 'tsx', 'js', 'jsx'];
+  const timeout = options.timeout || 10000;
+  const maxResults = options.maxResults || 50;
+  const caseInsensitive = options.caseInsensitive !== false;
+
+  const args = ['-rl'];
+  if (caseInsensitive) args.push('-i');
+
+  // Add include patterns for extensions
+  for (const ext of extensions) {
+    args.push(`--include=*.${ext}`);
+  }
+
+  args.push(pattern, searchPath);
+
+  try {
+    const result = spawnSync('grep', args, {
+      encoding: 'utf-8',
+      timeout,
+      stdio: ['pipe', 'pipe', 'pipe']
+    });
+
+    // Check for timeout
+    if (result.signal === 'SIGTERM') {
+      return {
+        results: [],
+        timedOut: true,
+        error: `Search timed out after ${timeout}ms`
+      };
+    }
+
+    // Check for error (but exit code 1 just means no matches)
+    if (result.status > 1) {
+      return {
+        results: [],
+        timedOut: false,
+        error: result.stderr?.trim() || `grep exited with code ${result.status}`
+      };
+    }
+
+    const files = (result.stdout || '')
+      .split('\n')
+      .filter(f => f.trim())
+      .slice(0, maxResults);
+
+    return {
+      results: files,
+      timedOut: false,
+      error: null
+    };
+  } catch (err) {
+    // Handle ETIMEDOUT and other errors
+    const isTimeout = err.code === 'ETIMEDOUT' || err.killed;
+    return {
+      results: [],
+      timedOut: isTimeout,
+      error: isTimeout ? `Search timed out after ${timeout}ms` : err.message
+    };
+  }
+}
+
+/**
+ * Configuration defaults for search operations
+ */
+const SEARCH_DEFAULTS = {
+  timeout: 10000,        // 10 seconds
+  maxResults: 50,        // Maximum files to return
+  retryOnTimeout: true,  // Whether to retry with reduced scope on timeout
+  extensions: ['ts', 'tsx', 'js', 'jsx', 'vue', 'svelte']
+};
+
 // ============================================================
 // Exports
 // ============================================================
@@ -3172,6 +3267,10 @@ module.exports = {
   findTaskInAllLists,
   analyzeRequest,
   estimateComplexity,
+
+  // Safe Search (Claude Code 2.1.23+ compatibility)
+  safeGrepSearch,
+  SEARCH_DEFAULTS,
 };
 
 // ============================================================

package/scripts/flow-worktree.js

@@ -33,7 +33,19 @@ const { sanitizeCommitMessage } = require('./flow-security');
 // ============================================================
 
 const WORKTREE_PREFIX = 'wogi-task-';
-const WORKTREE_BASE_DIR = path.join(os.tmpdir(), 'wogi-worktrees');
+
+/**
+ * Get user-specific worktree base directory.
+ * Uses UID on Unix, username on Windows, with 'default' fallback.
+ * This prevents permission conflicts on shared systems (CI, multi-user machines).
+ * See: Claude Code 2.1.23 per-user temp directory isolation fix.
+ */
+function getWorktreeBaseDir() {
+  const userId = process.getuid?.() ?? process.env.USER ?? process.env.USERNAME ?? 'default';
+  return path.join(os.tmpdir(), `wogi-worktrees-${userId}`);
+}
+
+const WORKTREE_BASE_DIR = getWorktreeBaseDir();
 
 // ============================================================
 // Helper Functions