wogiflow 1.1.5 → 1.1.7

package/.claude/rules/security/security-patterns.md

@@ -141,3 +141,36 @@ execFileSync('sg', ['--pattern', pattern, '--lang', lang, '--json', path]);
 - Prefer `execFile`/`execFileSync` with array arguments over `exec`/`execSync` with template strings
 - When using template strings, escape all user-controlled values
 - Never interpolate user input directly into shell commands
+
+## 9. Temp Directory Isolation (Claude Code 2.1.23+)
+
+On shared systems (CI servers, multi-user machines), use per-user temp directories to prevent permission conflicts.
+
+**Fixed in Claude Code 2.1.23**: Per-user temp directory isolation prevents permission conflicts.
+
+```javascript
+// Good - per-user isolation
+const userId = process.getuid?.() ?? process.env.USER ?? process.env.USERNAME ?? 'default';
+const tempDir = path.join(os.tmpdir(), `myapp-${userId}`);
+
+// Bad - global temp path on shared systems
+const tempDir = path.join(os.tmpdir(), 'myapp');
+```
+
+**Best practices:**
+- Use UID on Unix systems (`process.getuid()`)
+- Fall back to username environment variables on Windows
+- Always provide a 'default' fallback for edge cases
+- This pattern is used in `flow-worktree.js` for worktree isolation
+
+## 10. Search/Grep Timeout Handling (Claude Code 2.1.23+)
+
+**Fixed in Claude Code 2.1.23**: Ripgrep search timeouts now report errors instead of silently returning empty results.
+
+**Impact on WogiFlow:** Component detection, auto-context loading, and pattern matching rely on search operations. Before 2.1.23, search timeouts could cause false negatives.
+
+**Best practices:**
+- Handle empty search results gracefully - they may indicate timeout
+- Add retry logic for search-dependent operations
+- Log warnings when searches return unexpectedly empty
+- Consider fallback strategies (glob-based search if grep fails)

package/.workflow/bridges/base-bridge.js

@@ -317,21 +317,49 @@ class BaseBridge {
 
   /**
    * Generate and write the main rules file (e.g., CLAUDE.md)
+   * @param {Object} options - Generation options
+   * @param {boolean} options.force - Force overwrite even if locally modified
    */
-  generateRulesFile() {
+  generateRulesFile(options = {}) {
     const config = this.readConfig();
     const content = this.generateRulesContent(config);
     const rulesFilePath = path.join(this.projectDir, this.getRulesFileName());
 
+    // Check for local modifications before overwriting
+    if (fs.existsSync(rulesFilePath) && !options.force) {
+      const existingContent = fs.readFileSync(rulesFilePath, 'utf-8');
+
+      // Check if file was manually modified (missing our generation marker)
+      const hasMarker = existingContent.includes('Generated by CLI Bridge');
+
+      if (!hasMarker) {
+        // File exists but wasn't generated by us - likely manually created/modified
+        this.log(`⚠️  ${this.getRulesFileName()} appears to be manually maintained (no generation marker)`);
+        this.log(`   Skipping to preserve local customizations. Use --force to overwrite.`);
+        return false;
+      }
+
+      // Check if content would actually change
+      if (existingContent === content) {
+        this.log(`${this.getRulesFileName()} is up to date`);
+        return true;
+      }
+
+      // File has our marker - safe to overwrite as it's generated content
+    }
+
     fs.writeFileSync(rulesFilePath, content, 'utf-8');
     this.log(`Generated ${this.getRulesFileName()}`);
+    return true;
   }
 
   /**
    * Run full sync: skills, rules, and CLI-specific setup
+   * @param {Object} options - Sync options
+   * @param {boolean} options.force - Force overwrite of locally modified files
    * @returns {Object} Sync result summary
    */
-  async sync() {
+  async sync(options = {}) {
     const startTime = Date.now();
     const results = {
       cliType: this.cliType,
@@ -371,10 +399,14 @@ class BaseBridge {
         results.errors.push({ step: 'knowledge-files', error: err.message });
       }
 
-      // 5. Generate rules file
+      // 5. Generate rules file (respects local modifications unless --force)
       try {
-        this.generateRulesFile();
-        results.synced.push('rules-file');
+        const generated = this.generateRulesFile({ force: options.force });
+        if (generated) {
+          results.synced.push('rules-file');
+        } else {
+          results.synced.push('rules-file-skipped');
+        }
       } catch (err) {
         results.errors.push({ step: 'rules-file', error: err.message });
       }
@@ -590,13 +622,18 @@ class BaseBridge {
    * @returns {string} Content with conditionals evaluated
    */
   processConditionals(content, config) {
-    const ifRegex = /\{\{#if\s+([^}]+)\}\}([\s\S]*?)\{\{\/if\}\}/g;
+    // Match INNERMOST conditionals first - those with no nested {{#if}} in body
+    // The negative lookahead (?!{{#if) ensures body contains no nested conditionals
+    const innerIfRegex = /\{\{#if\s+([^}]+)\}\}((?:(?!\{\{#if)[\s\S])*?)\{\{\/if\}\}/g;
 
     let lastContent;
+    let iterations = 0;
+    const maxIterations = 100; // Safety limit for deeply nested templates
+
     // Keep processing until no more changes (handles nested conditions)
     do {
       lastContent = content;
-      content = content.replace(ifRegex, (match, condition, body) => {
+      content = content.replace(innerIfRegex, (match, condition, body) => {
         let value;
         if (condition.startsWith('config.')) {
           value = this.getNestedValue(config, condition.replace('config.', ''));
@@ -607,7 +644,12 @@ class BaseBridge {
         }
         return value ? body : '';
       });
-    } while (content !== lastContent);
+      iterations++;
+    } while (content !== lastContent && iterations < maxIterations);
+
+    if (iterations >= maxIterations) {
+      this.log('Warning: Max iterations reached in processConditionals - possible malformed template');
+    }
 
     return content;
   }

package/.workflow/bridges/claude-bridge.js

@@ -419,7 +419,7 @@ Last synced: ${new Date().toISOString()}
       }
     }
 
-    return {
+    const settings = {
       permissions: {
         allow: wildcardPermissions,
       },
@@ -428,6 +428,20 @@ Last synced: ${new Date().toISOString()}
       _wogiFlowVersion: '2.0.0',
       _generatedAt: new Date().toISOString(),
     };
+
+    // Add spinnerVerbs if configured (requires Claude Code 2.1.23+)
+    const spinnerVerbs = config.hooks?.claudeCode?.spinnerVerbs;
+    if (Array.isArray(spinnerVerbs) && spinnerVerbs.length > 0) {
+      settings.spinnerVerbs = spinnerVerbs;
+    }
+
+    // Add spinnerTipsEnabled if explicitly set (default is true in Claude Code)
+    const spinnerTipsEnabled = config.hooks?.claudeCode?.spinnerTipsEnabled;
+    if (spinnerTipsEnabled === false) {
+      settings.spinnerTipsEnabled = false;
+    }
+
+    return settings;
   }
 
   /**
@@ -448,7 +462,7 @@ Last synced: ${new Date().toISOString()}
 
     const newSettings = this.generateSettings(config);
 
-    // Merge: keep existing hooks, use new permissions
+    // Merge: keep existing hooks, use new permissions and spinner settings
     const mergedSettings = {
       permissions: newSettings.permissions,
       respectGitignore: newSettings.respectGitignore,
@@ -458,6 +472,16 @@ Last synced: ${new Date().toISOString()}
       _generatedAt: newSettings._generatedAt,
     };
 
+    // Include spinnerVerbs if configured
+    if (newSettings.spinnerVerbs) {
+      mergedSettings.spinnerVerbs = newSettings.spinnerVerbs;
+    }
+
+    // Include spinnerTipsEnabled if explicitly disabled
+    if (newSettings.spinnerTipsEnabled === false) {
+      mergedSettings.spinnerTipsEnabled = false;
+    }
+
     fs.writeFileSync(settingsPath, JSON.stringify(mergedSettings, null, 2));
     this.log(`Synced settings.local.json with wildcard permissions (${newSettings.permissions.allow.length} rules)`);
 

package/.workflow/bridges/index.js

@@ -136,7 +136,8 @@ async function syncBridge(options = {}) {
     };
   }
 
-  return await bridge.sync();
+  // Pass through sync options (e.g., force: true to overwrite locally modified files)
+  return await bridge.sync({ force: options.force });
 }
 
 /**

package/README.md

@@ -19,14 +19,16 @@ npx flow bridge sync
 
 WogiFlow works with 6 AI coding CLIs. Use whichever you prefer - the workflow state is shared.
 
-| CLI | Enforcement | Rules File | Guide |
-|-----|-------------|------------|-------|
-| **Claude Code** | Hard (hooks) | `CLAUDE.md` | [Guide](.workflow/docs/cli-guides/claude-code.md) |
-| **Gemini CLI** | Hard (hooks) | `GEMINI.md` | [Guide](.workflow/docs/cli-guides/gemini-cli.md) |
-| **Cursor** | Mixed | `.cursor/rules/wogiflow.mdc` | [Guide](.workflow/docs/cli-guides/cursor.md) |
-| **OpenCode** | Hard (plugins) | `AGENTS.md` | [Guide](.workflow/docs/cli-guides/opencode.md) |
-| **Codex** | Soft (rules) | `AGENTS.md` | [Guide](.workflow/docs/cli-guides/codex.md) |
-| **Kimi** | Soft (rules) | `AGENTS.md` | [Guide](.workflow/docs/cli-guides/kimi.md) |
+| CLI | Enforcement | Rules File | Min Version | Guide |
+|-----|-------------|------------|-------------|-------|
+| **Claude Code** | Hard (hooks) | `CLAUDE.md` | **2.1.23+** | [Guide](.workflow/docs/cli-guides/claude-code.md) |
+| **Gemini CLI** | Hard (hooks) | `GEMINI.md` | - | [Guide](.workflow/docs/cli-guides/gemini-cli.md) |
+| **Cursor** | Mixed | `.cursor/rules/wogiflow.mdc` | - | [Guide](.workflow/docs/cli-guides/cursor.md) |
+| **OpenCode** | Hard (plugins) | `AGENTS.md` | - | [Guide](.workflow/docs/cli-guides/opencode.md) |
+| **Codex** | Soft (rules) | `AGENTS.md` | - | [Guide](.workflow/docs/cli-guides/codex.md) |
+| **Kimi** | Soft (rules) | `AGENTS.md` | - | [Guide](.workflow/docs/cli-guides/kimi.md) |
+
+> **Claude Code 2.1.23+ Recommended**: Includes critical fixes for per-user temp directory isolation (shared systems), async hook cancellation, and ripgrep timeout reporting. Earlier versions may experience silent search failures.
 
 **Enforcement levels:**
 - **Hard**: Blocks operations before execution (best protection)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wogiflow",
-  "version": "1.1.5",
+  "version": "1.1.7",
   "description": "AI-powered development workflow management system with multi-model support",
   "main": "lib/index.js",
   "bin": {

package/scripts/flow-bridge.js

@@ -190,6 +190,7 @@ function normalizeCliType(input) {
  */
 async function syncBridge(options = {}) {
   const verbose = options.verbose || process.argv.includes('--verbose') || process.argv.includes('-v');
+  const force = options.force || process.argv.includes('--force') || process.argv.includes('-f');
 
   // Check for CLI type argument (e.g., "flow bridge sync gemini")
   const cliTypeArg = process.argv[3];
@@ -219,6 +220,7 @@ async function syncBridge(options = {}) {
 
     const result = await bridges.syncBridge({
       verbose,
+      force,
       projectDir: PROJECT_ROOT,
       cliType: targetCliType
     });
@@ -271,11 +273,16 @@ switch (command) {
     console.log('  status           Show current bridge configuration');
     console.log('  list             List available CLI bridges');
     console.log('');
+    console.log('Options:');
+    console.log('  --force, -f      Overwrite locally modified rules files (CLAUDE.md, GEMINI.md, etc.)');
+    console.log('  --verbose, -v    Show detailed output');
+    console.log('');
     console.log('CLI Types:');
     console.log('  claude-code, gemini-cli (or gemini), cursor, opencode, codex, kimi');
     console.log('');
     console.log('Examples:');
     console.log('  flow bridge sync           # Sync default CLI from config');
     console.log('  flow bridge sync gemini    # Sync Gemini CLI specifically');
+    console.log('  flow bridge sync --force   # Force overwrite even if locally modified');
     process.exit(1);
 }

package/scripts/flow-health.js

@@ -38,6 +38,39 @@ const {
   checkSpecMigration
 } = require('./flow-utils');
 
+const { execSync } = require('child_process');
+
+/**
+ * Check Claude Code version and compare against minimum recommended (2.1.23)
+ * @returns {{ version: string|null, meetsMinimum: boolean }}
+ */
+function checkClaudeCodeVersion() {
+  try {
+    const output = execSync('claude --version 2>/dev/null || echo ""', {
+      encoding: 'utf-8',
+      stdio: ['pipe', 'pipe', 'pipe']
+    }).trim();
+
+    // Parse version from output like "claude 2.1.23" or "Claude Code 2.1.23"
+    const match = output.match(/(\d+\.\d+\.\d+)/);
+    if (!match) {
+      return { version: null, meetsMinimum: true };
+    }
+
+    const version = match[1];
+    const [major, minor, patch] = version.split('.').map(Number);
+
+    // Minimum recommended: 2.1.23
+    const meetsMinimum = major > 2 ||
+      (major === 2 && minor > 1) ||
+      (major === 2 && minor === 1 && patch >= 23);
+
+    return { version, meetsMinimum };
+  } catch {
+    return { version: null, meetsMinimum: true };
+  }
+}
+
 function main() {
   console.log(color('cyan', 'Wogi Flow Health Check'));
   console.log('========================');
@@ -90,6 +123,20 @@ function main() {
     issues++;
   }
 
+  // Check Claude Code version (if applicable)
+  if (cliType === 'claude-code') {
+    const versionCheck = checkClaudeCodeVersion();
+    if (versionCheck.version) {
+      if (versionCheck.meetsMinimum) {
+        console.log(`  ${color('green', '✓')} Claude Code version: ${versionCheck.version}`);
+      } else {
+        console.log(`  ${color('yellow', '○')} Claude Code version: ${versionCheck.version} (2.1.23+ recommended)`);
+        console.log(`    ${color('dim', '→ Older versions may have silent search failures and shared system issues')}`);
+        warnings++;
+      }
+    }
+  }
+
   // Check required directories
   console.log('');
   printSection('Checking directories...');

package/scripts/flow-utils.js

@@ -3024,6 +3024,101 @@ function checkSpecMigration() {
   return needsMigration;
 }
 
+// ============================================================
+// Safe Search Utilities (Claude Code 2.1.23+ compatibility)
+// ============================================================
+
+/**
+ * Perform a safe grep search with proper timeout and error handling.
+ * Returns results and metadata about search status.
+ *
+ * Before Claude Code 2.1.23, ripgrep timeouts would silently return empty results.
+ * This utility provides explicit handling for timeouts and errors.
+ *
+ * @param {string} pattern - Search pattern
+ * @param {Object} options - Search options
+ * @param {string} [options.path] - Directory to search (default: PROJECT_ROOT)
+ * @param {string[]} [options.extensions] - File extensions to include (e.g., ['ts', 'tsx'])
+ * @param {number} [options.timeout] - Timeout in ms (default: 10000)
+ * @param {number} [options.maxResults] - Maximum results to return (default: 50)
+ * @param {boolean} [options.caseInsensitive] - Case insensitive search (default: true)
+ * @returns {{ results: string[], timedOut: boolean, error: string|null }}
+ */
+function safeGrepSearch(pattern, options = {}) {
+  const { spawnSync } = require('child_process');
+
+  const searchPath = options.path || PROJECT_ROOT;
+  const extensions = options.extensions || ['ts', 'tsx', 'js', 'jsx'];
+  const timeout = options.timeout || 10000;
+  const maxResults = options.maxResults || 50;
+  const caseInsensitive = options.caseInsensitive !== false;
+
+  const args = ['-rl'];
+  if (caseInsensitive) args.push('-i');
+
+  // Add include patterns for extensions
+  for (const ext of extensions) {
+    args.push(`--include=*.${ext}`);
+  }
+
+  args.push(pattern, searchPath);
+
+  try {
+    const result = spawnSync('grep', args, {
+      encoding: 'utf-8',
+      timeout,
+      stdio: ['pipe', 'pipe', 'pipe']
+    });
+
+    // Check for timeout
+    if (result.signal === 'SIGTERM') {
+      return {
+        results: [],
+        timedOut: true,
+        error: `Search timed out after ${timeout}ms`
+      };
+    }
+
+    // Check for error (but exit code 1 just means no matches)
+    if (result.status > 1) {
+      return {
+        results: [],
+        timedOut: false,
+        error: result.stderr?.trim() || `grep exited with code ${result.status}`
+      };
+    }
+
+    const files = (result.stdout || '')
+      .split('\n')
+      .filter(f => f.trim())
+      .slice(0, maxResults);
+
+    return {
+      results: files,
+      timedOut: false,
+      error: null
+    };
+  } catch (err) {
+    // Handle ETIMEDOUT and other errors
+    const isTimeout = err.code === 'ETIMEDOUT' || err.killed;
+    return {
+      results: [],
+      timedOut: isTimeout,
+      error: isTimeout ? `Search timed out after ${timeout}ms` : err.message
+    };
+  }
+}
+
+/**
+ * Configuration defaults for search operations
+ */
+const SEARCH_DEFAULTS = {
+  timeout: 10000,        // 10 seconds
+  maxResults: 50,        // Maximum files to return
+  retryOnTimeout: true,  // Whether to retry with reduced scope on timeout
+  extensions: ['ts', 'tsx', 'js', 'jsx', 'vue', 'svelte']
+};
+
 // ============================================================
 // Exports
 // ============================================================
@@ -3172,6 +3267,10 @@ module.exports = {
   findTaskInAllLists,
   analyzeRequest,
   estimateComplexity,
+
+  // Safe Search (Claude Code 2.1.23+ compatibility)
+  safeGrepSearch,
+  SEARCH_DEFAULTS,
 };
 
 // ============================================================

package/scripts/flow-worktree.js

@@ -33,7 +33,19 @@ const { sanitizeCommitMessage } = require('./flow-security');
 // ============================================================
 
 const WORKTREE_PREFIX = 'wogi-task-';
-const WORKTREE_BASE_DIR = path.join(os.tmpdir(), 'wogi-worktrees');
+
+/**
+ * Get user-specific worktree base directory.
+ * Uses UID on Unix, username on Windows, with 'default' fallback.
+ * This prevents permission conflicts on shared systems (CI, multi-user machines).
+ * See: Claude Code 2.1.23 per-user temp directory isolation fix.
+ */
+function getWorktreeBaseDir() {
+  const userId = process.getuid?.() ?? process.env.USER ?? process.env.USERNAME ?? 'default';
+  return path.join(os.tmpdir(), `wogi-worktrees-${userId}`);
+}
+
+const WORKTREE_BASE_DIR = getWorktreeBaseDir();
 
 // ============================================================
 // Helper Functions