wogiflow 1.4.4 → 1.4.5

package/.claude/settings.json

@@ -115,6 +115,6 @@
     ]
   },
   "_wogiFlowManaged": true,
-  "_wogiFlowVersion": "1.0.0",
+  "_wogiFlowVersion": "1.4.5",
   "_comment": "Shared WogiFlow hook configuration. Committed to repo for team use. User-specific overrides go in settings.local.json."
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wogiflow",
-  "version": "1.4.4",
+  "version": "1.4.5",
   "description": "AI-powered development workflow management system with multi-model support",
   "main": "lib/index.js",
   "bin": {

package/scripts/hooks/adapters/claude-code.js

@@ -324,26 +324,27 @@ Run: /wogi-start ${coreResult.nextTaskId}`;
 
   /**
    * Transform UserPromptSubmit result (implementation gate + research gate)
+   *
+   * Claude Code UserPromptSubmit response format:
+   *   Block:   { decision: "block", reason: "..." }  (top-level fields)
+   *   Allow:   {} or omit decision
+   *   Context: { hookSpecificOutput: { hookEventName: "UserPromptSubmit", additionalContext: "..." } }
+   *
+   * NOTE: "continue: false" stops the entire session, NOT the individual prompt.
+   * Use "decision: block" to reject a single prompt.
    */
   transformUserPromptSubmit(coreResult) {
-    // Blocked - prevent prompt processing with clear message
+    // Blocked - reject the prompt using top-level decision field
     if (coreResult.blocked) {
       return {
-        continue: false, // Block the prompt
-        systemMessage: coreResult.message || 'Implementation request blocked by Wogi Flow',
-        hookSpecificOutput: {
-          hookEventName: 'UserPromptSubmit',
-          decision: 'block',
-          reason: coreResult.reason,
-          suggestedAction: coreResult.suggestedAction
-        }
+        decision: 'block',
+        reason: coreResult.message || 'Implementation request blocked by Wogi Flow'
       };
     }
 
     // Research protocol triggered - inject protocol steps as additional context
     if (coreResult.systemReminder) {
       return {
-        continue: true,
         hookSpecificOutput: {
           hookEventName: 'UserPromptSubmit',
           additionalContext: coreResult.systemReminder
@@ -351,26 +352,18 @@ Run: /wogi-start ${coreResult.nextTaskId}`;
       };
     }
 
-    // Warning - allow but show message
+    // Warning - allow but inject context with the warning message
     if (coreResult.message && !coreResult.blocked) {
       return {
-        continue: true,
-        systemMessage: coreResult.message,
         hookSpecificOutput: {
           hookEventName: 'UserPromptSubmit',
-          decision: 'warn',
-          reason: coreResult.reason
+          additionalContext: coreResult.message
         }
       };
     }
 
-    // Allowed
-    return {
-      continue: true,
-      hookSpecificOutput: {
-        hookEventName: 'UserPromptSubmit'
-      }
-    };
+    // Allowed - empty response means allow
+    return {};
   }
 
   /**

package/scripts/hooks/core/implementation-gate.js

@@ -3,8 +3,10 @@
 /**
  * Wogi Flow - Implementation Gate (Core Module)
  *
- * Detects implementation requests from user prompts and blocks them
- * if no active task exists. Guides users to /wogi-story or /wogi-start.
+ * Routes all user prompts through /wogi-start when no active task exists.
+ * Instead of blocking, injects context that makes Claude automatically
+ * invoke /wogi-start which handles AI-based routing (questions, bugs,
+ * features, operational tasks, etc.).
  *
  * Returns a standardized result that adapters transform for specific CLIs.
  */
@@ -51,10 +53,12 @@ const IMPLEMENTATION_PATTERNS = [
  * These should NOT trigger the gate
  */
 const EXPLORATION_PATTERNS = [
-  /\bwhat\s+(does|is|are|do)\b/i,
-  /\bhow\s+(does|do|can|to|would)\b/i,
-  /\bwhy\s+(does|do|is|are)\b/i,
-  /\bwhere\s+(is|are|do|does|can)\b/i,
+  /\bwhat\s+(does|is|are|do|did|should|would|could|can)\b/i,
+  /\bhow\s+(does|do|can|to|would|should|could|did)\b/i,
+  /\bwhy\s+(does|do|is|are|did|didn't|doesn't|don't|isn't|aren't|can't|won't|wouldn't|shouldn't|couldn't|hasn't|haven't|wasn't|weren't)\b/i,
+  /\bwhere\s+(is|are|do|does|can|did|should)\b/i,
+  /\bwho\s+(is|are|does|did|should|can)\b/i,
+  /\bwhen\s+(does|do|did|is|are|should|will)\b/i,
   /\bshow\s+me\b/i,
   /\bexplain\b/i,
   /\bdescribe\b/i,
@@ -67,7 +71,9 @@ const EXPLORATION_PATTERNS = [
   /\banalyze\b/i,
   /\breview\s+(the|this|my)/i,
   /\bcheck\s+(if|whether|the)/i,
-  /\bcan\s+(claude|you)\s+(access|read|see)/i
+  /\bcan\s+(claude|you)\s+(access|read|see)/i,
+  /\bit'?s\s+supposed\s+to\b/i,
+  /\bisn'?t\s+(it|that|this)\b/i
 ];
 
 /**
@@ -176,14 +182,6 @@ function isImplementationGateEnabled() {
   return true;
 }
 
-// NOTE: softMode is deprecated. Use hooks.rules.implementationGate.mode = 'warn' instead.
-// Kept for backwards compatibility - maps to mode='warn'
-function isSoftModeEnabled() {
-  const config = getConfig();
-  // Check legacy softMode, map to mode='warn'
-  return config.hooks?.rules?.implementationGate?.softMode === true ||
-         config.enforcement?.softMode === true;
-}
 
 /**
  * Detect if prompt is a WogiFlow command (always allowed)
@@ -206,11 +204,12 @@ function isExplorationRequest(prompt) {
   // Check if it matches exploration patterns
   const matchesExploration = matchesAnyPattern(prompt, EXPLORATION_PATTERNS);
 
-  // Short prompts that are questions are exploratory
-  // Check length BEFORE calling trim() to avoid processing long strings
-  const isQuestion = prompt.length < 200 && prompt.trim().endsWith('?');
+  // Prompts containing question marks are likely exploratory
+  // Check for '?' anywhere in the prompt (not just at end - multi-sentence prompts
+  // often have the question mid-text followed by additional context)
+  const hasQuestionMark = prompt.length < 500 && prompt.includes('?');
 
-  return matchesExploration || isQuestion;
+  return matchesExploration || hasQuestionMark;
 }
 
 /**
@@ -250,10 +249,19 @@ function detectImplementationIntent(prompt) {
 /**
  * Check implementation gate for a user prompt
  *
+ * v5.2: Simplified to a binary check: active task or not.
+ * No regex classification - /wogi-start handles routing with AI understanding.
+ *
+ * Flow:
+ * 1. Active task exists → allow (Claude works on the task)
+ * 2. /wogi-* command → allow (always pass through)
+ * 3. No active task → block (user must route through /wogi-start)
+ * 4. /wogi-start handles routing: questions proceed, implementation creates tasks
+ *
  * @param {Object} options
  * @param {string} options.prompt - User's input prompt
  * @param {string} [options.source] - Source of prompt (manual, paste, etc.)
- * @returns {Object} Result: { allowed, blocked, message, reason, confidence, suggestedAction }
+ * @returns {Object} Result: { allowed, blocked, message, reason }
  */
 function checkImplementationGate(options = {}) {
   const { prompt } = options;
@@ -268,12 +276,7 @@ function checkImplementationGate(options = {}) {
     };
   }
 
-  // Truncate overly long prompts to prevent DoS via regex processing
-  const processedPrompt = prompt.length > MAX_PROMPT_LENGTH
-    ? prompt.slice(0, MAX_PROMPT_LENGTH)
-    : prompt;
-
-  // WogiFlow commands always allowed (check original prompt for commands)
+  // WogiFlow commands always allowed (/wogi-start handles routing)
   if (isWogiCommand(prompt)) {
     return {
       allowed: true,
@@ -293,29 +296,7 @@ function checkImplementationGate(options = {}) {
     };
   }
 
-  // Exploration requests always allowed (use truncated prompt for safety)
-  if (isExplorationRequest(processedPrompt)) {
-    return {
-      allowed: true,
-      blocked: false,
-      message: null,
-      reason: 'exploration_request'
-    };
-  }
-
-  // Check for implementation intent (use truncated prompt for safety)
-  const { isImplementation, confidence, matches } = detectImplementationIntent(processedPrompt);
-
-  if (!isImplementation) {
-    return {
-      allowed: true,
-      blocked: false,
-      message: null,
-      reason: 'no_implementation_intent'
-    };
-  }
-
-  // Has implementation intent - check for active task
+  // Check for active task
   const activeTask = getActiveTask();
 
   if (activeTask) {
@@ -324,117 +305,56 @@ function checkImplementationGate(options = {}) {
       blocked: false,
       message: null,
       task: activeTask,
-      reason: 'task_active',
-      confidence,
-      matches
+      reason: 'task_active'
     };
   }
 
-  // No active task and implementation intent detected
-  // v4.2: Use 'mode' config as canonical control (softMode is deprecated fallback)
-  let config;
-  try {
-    config = getConfig();
-    // Defensive: ensure config is an object
-    if (!config || typeof config !== 'object') {
-      config = {};
-    }
-  } catch (err) {
-    // Config load failed - default to warn mode for safety
-    if (process.env.DEBUG) {
-      console.error(`[Implementation Gate] Config load failed: ${err.message}`);
-    }
-    config = {};
-  }
-
-  let mode = config.hooks?.rules?.implementationGate?.mode;
-
-  // Backward compatibility: if mode not set, check legacy softMode
-  if (!mode) {
-    const softMode = isSoftModeEnabled();
-    mode = softMode ? 'warn' : 'block';
-  }
-
-  if (mode === 'off') {
-    return {
-      allowed: true,
-      blocked: false,
-      message: null,
-      reason: 'gate_mode_off'
-    };
-  }
-
-  if (mode === 'warn') {
-    return {
-      allowed: true,
-      blocked: false,
-      message: generateRoutingMessage(prompt),
-      reason: 'route_to_wogi_start',
-      confidence,
-      suggestedAction: 'wogi-start',
-      matches
-    };
-  }
-
-  // Default: mode === 'block' - strict enforcement
+  // No active task - inject routing context so Claude automatically invokes /wogi-start
+  // /wogi-start will use AI understanding to decide:
+  //   Questions/exploration → proceed directly
+  //   Operational (git/npm) → execute directly
+  //   Implementation → create story/task first
+  //   Research → use zero-trust protocol
+  //   Bugs → investigate and fix properly
   return {
-    allowed: false,
-    blocked: true,
-    message: generateBlockingMessage(prompt),
-    reason: 'route_to_wogi_start',
-    confidence,
-    suggestedAction: 'wogi-start',
-    suggestedCommand: `/wogi-start "${truncatePrompt(prompt)}"`,
-    matches
+    allowed: true,
+    blocked: false,
+    systemReminder: generateRoutingContext(prompt),
+    reason: 'no_active_task_route'
   };
 }
 
 /**
- * Generate warning message (soft mode)
- */
-function generateWarningMessage(prompt) {
-  return `Warning: No active WogiFlow task.
-
-Consider: /wogi-start "${truncatePrompt(prompt)}"
-
-This will execute directly (git/npm/deploy) or create a story first (features/fixes).`;
-}
-
-/**
- * Generate routing message - instructs Claude to use /wogi-start
- * /wogi-start will intelligently decide what to do
+ * Generate routing context injected as additionalContext when no task is active.
+ * This makes Claude automatically invoke /wogi-start via the Skill tool,
+ * so the user never needs to type any command manually.
+ *
+ * /wogi-start handles ALL routing with AI understanding:
+ * - Questions → answered directly
+ * - Research → zero-trust research protocol
+ * - Operational (git, npm) → executed directly
+ * - Implementation → creates tracked task first
+ * - Bugs → investigation + tracked fix
  */
-function generateRoutingMessage(prompt) {
-  return `Route this request through /wogi-start.
+function generateRoutingContext(prompt) {
+  return `MANDATORY ROUTING — NO ACTIVE WOGIFLOW TASK
 
-Use: /wogi-start "${truncatePrompt(prompt)}"
+You MUST invoke the Skill tool with skill="wogi-start" and pass the user's FULL original prompt as args BEFORE doing anything else.
 
-/wogi-start will intelligently decide:
-- Execute directly if operational (git, npm, deploy, review, commit)
-- Create a story first if implementation (add feature, fix bug, refactor)`;
-}
-
-/**
- * @deprecated Use generateBlockingMessage instead. Kept for backwards compatibility.
- */
-function generateBlockMessage(prompt) {
-  return generateBlockingMessage(prompt);
-}
-
-/**
- * Generate blocking message (v4.2 strict enforcement)
- * This message appears when implementation is detected without active task
- */
-function generateBlockingMessage(prompt) {
-  return `Implementation request detected without active task.
+DO NOT:
+- Answer implementation questions directly
+- Create, edit, or write any files
+- Make assumptions about the codebase
+- Research or answer questions on your own (WogiFlow has a zero-trust research protocol)
+- Truncate or summarize the user's prompt
 
-To proceed, run:
-  /wogi-start "${truncatePrompt(prompt)}"
+DO:
+- Immediately invoke: Skill(skill="wogi-start", args="<user's full original prompt>")
+- Let /wogi-start classify and route: questions, research, bugs, features, operational tasks
+- Follow the workflow /wogi-start sets up
 
-WogiFlow will triage and decide:
-- If operational (git/npm/deploy) → execute directly
-- If small fix → execute + log for learning
-- If larger task → create story/bug first`;
+The user installed WogiFlow so ALL work goes through proper workflows with guardrails.
+Bypassing this is a workflow violation.`;
 }
 
 /**
@@ -506,7 +426,7 @@ function classifyRequest(prompt) {
 }
 
 module.exports = {
-  // Classification functions
+  // Classification functions (used by /wogi-start for routing, not for blocking)
   classifyRequest,
   detectImplementationIntent,
   isExplorationRequest,
@@ -514,21 +434,17 @@ module.exports = {
 
   // Gate status functions
   isImplementationGateEnabled,
-  isSoftModeEnabled,
   isWogiCommand,
 
   // Message generators
-  generateWarningMessage,
-  generateRoutingMessage,
-  generateBlockMessage,  // @deprecated - use generateBlockingMessage
-  generateBlockingMessage,
+  generateRoutingContext,
 
   // Utilities
   truncatePrompt,
   matchesAnyPattern,
   calculateConfidence,
 
-  // Pattern arrays (for testing and extension)
+  // Pattern arrays (used by classifyRequest for /wogi-start routing)
   IMPLEMENTATION_PATTERNS,
   EXPLORATION_PATTERNS,
   OPERATIONAL_PATTERNS,

package/scripts/hooks/entry/claude-code/pre-tool-use.js

@@ -15,6 +15,7 @@ const { checkComponentReuse } = require('../../core/component-check');
 const { checkTodoWriteGate } = require('../../core/todowrite-gate');
 const { claudeCodeAdapter } = require('../../adapters/claude-code');
 const { markSkillPending } = require('../../../flow-durable-session');
+const { safeJsonParseString } = require('../../../flow-utils');
 
 // Lazy-load strict adherence to avoid circular deps and startup cost
 let _strictAdherence = null;
@@ -57,12 +58,21 @@ async function main() {
       return;
     }
 
-    // Parse JSON safely
+    // Parse JSON safely with prototype pollution protection
     let input;
     try {
-      input = JSON.parse(inputData);
+      input = safeJsonParseString(inputData, null);
+      if (!input) {
+        // Invalid JSON - allow through (graceful degradation)
+        console.log(JSON.stringify({
+          continue: true,
+          hookSpecificOutput: { hookEventName: 'PreToolUse', permissionDecision: 'allow' }
+        }));
+        process.exit(0);
+        return;
+      }
     } catch (_parseErr) {
-      // Invalid JSON - allow through (graceful degradation)
+      // Parse error - allow through (graceful degradation)
       console.log(JSON.stringify({
         continue: true,
         hookSpecificOutput: { hookEventName: 'PreToolUse', permissionDecision: 'allow' }
@@ -201,19 +211,19 @@ async function main() {
     console.log(JSON.stringify(output));
     process.exit(0);
   } catch (err) {
-    // Non-blocking error - allow operation to continue (graceful degradation)
-    // Log generic message to avoid leaking sensitive path information
+    // Fail-closed: deny the tool use on hook errors to prevent untracked edits
+    // Users installed WogiFlow to enforce task tracking - failing open would bypass that
     if (process.env.DEBUG) {
       console.error(`[Wogi Flow Hook Error] ${err.message}`);
     } else {
       console.error('[Wogi Flow Hook] Validation error occurred');
     }
-    // Exit 0 with allow to not block on hook errors
     console.log(JSON.stringify({
       continue: true,
       hookSpecificOutput: {
         hookEventName: 'PreToolUse',
-        permissionDecision: 'allow'
+        permissionDecision: 'deny',
+        permissionDecisionReason: 'WogiFlow validation error. Please check your setup or use /wogi-start.'
       }
     }));
     process.exit(0);
@@ -222,4 +232,24 @@ async function main() {
 
 // Handle stdin properly
 process.stdin.setEncoding('utf8');
-main();
+
+// Must await async main() to prevent race conditions
+(async () => {
+  try {
+    await main();
+  } catch (err) {
+    // Fail-closed: deny on unexpected errors
+    if (process.env.DEBUG) {
+      console.error(`[Wogi Flow Hook] Unexpected error: ${err.message}`);
+    }
+    console.log(JSON.stringify({
+      continue: true,
+      hookSpecificOutput: {
+        hookEventName: 'PreToolUse',
+        permissionDecision: 'deny',
+        permissionDecisionReason: 'WogiFlow hook error. Use /wogi-start to route your request.'
+      }
+    }));
+    process.exit(0);
+  }
+})();

package/scripts/hooks/entry/claude-code/user-prompt-submit.js

@@ -154,19 +154,16 @@ async function main() {
     console.log(JSON.stringify(output));
     process.exit(0);
   } catch (err) {
-    // Non-blocking error - allow prompt to continue (graceful degradation)
-    // Log generic message to avoid leaking sensitive path information
+    // Fail-closed: block the prompt on hook errors to prevent untracked implementation
+    // Users installed WogiFlow to enforce task tracking - failing open would bypass that
     if (process.env.DEBUG) {
       console.error(`[Wogi Flow Hook Error] ${err.message}`);
     } else {
       console.error('[Wogi Flow Hook] Validation error occurred');
     }
-    // Exit 0 with continue:true to not block on hook errors
     console.log(JSON.stringify({
-      continue: true,
-      hookSpecificOutput: {
-        hookEventName: 'UserPromptSubmit'
-      }
+      decision: 'block',
+      reason: 'WogiFlow validation error. Please check your WogiFlow setup or use /wogi-start to route your request.'
     }));
     process.exit(0);
   }
@@ -181,14 +178,13 @@ process.stdin.setEncoding('utf8');
   try {
     await main();
   } catch (err) {
-    // Catch any unhandled errors from main
+    // Fail-closed: block on unexpected errors to prevent untracked implementation
     if (process.env.DEBUG) {
       console.error(`[Wogi Flow Hook] Unexpected error: ${err.message}`);
     }
-    // Exit gracefully - don't block on hook errors
     console.log(JSON.stringify({
-      continue: true,
-      hookSpecificOutput: { hookEventName: 'UserPromptSubmit' }
+      decision: 'block',
+      reason: 'WogiFlow hook error. Use /wogi-start to route your request.'
     }));
     process.exit(0);
   }

package/scripts/postinstall.js

@@ -158,56 +158,50 @@ function copyDir(src, dest, mergeMode = false, depth = 0) {
  * Copy essential .claude/ resources from package to project
  * This ensures commands are available immediately after npm install
  *
- * Uses merge mode: new commands are added, existing ones are NOT overwritten
- * This preserves user customizations while ensuring new commands are available
+ * ALWAYS overwrites WogiFlow-owned files (commands, docs, rules, settings hooks)
+ * to ensure npm update actually applies changes.
+ * User-customizable files (config.json, ready.json, decisions.md) are NOT touched.
  */
 function copyClaudeResources() {
   const claudeDir = path.join(PROJECT_ROOT, '.claude');
   fs.mkdirSync(claudeDir, { recursive: true, mode: DIR_MODE });
 
-  // Copy commands (essential for slash commands to work)
-  // Use merge mode to add new commands without overwriting customizations
+  // Copy commands (always overwrite - these are WogiFlow skill definitions)
   const packageCommands = path.join(PACKAGE_ROOT, '.claude', 'commands');
   const projectCommands = path.join(claudeDir, 'commands');
   if (fs.existsSync(packageCommands)) {
-    const alreadyExists = fs.existsSync(projectCommands);
-    copyDir(packageCommands, projectCommands, alreadyExists);
+    copyDir(packageCommands, projectCommands, false);
   }
 
-  // Copy docs (knowledge base) - merge mode
+  // Copy docs (always overwrite - these are WogiFlow documentation)
   const packageDocs = path.join(PACKAGE_ROOT, '.claude', 'docs');
   const projectDocs = path.join(claudeDir, 'docs');
   if (fs.existsSync(packageDocs)) {
-    const alreadyExists = fs.existsSync(projectDocs);
-    copyDir(packageDocs, projectDocs, alreadyExists);
+    copyDir(packageDocs, projectDocs, false);
   }
 
-  // Copy rules (coding patterns) - merge mode
+  // Copy rules (always overwrite - these are WogiFlow coding rules)
   const packageRules = path.join(PACKAGE_ROOT, '.claude', 'rules');
   const projectRules = path.join(claudeDir, 'rules');
   if (fs.existsSync(packageRules)) {
-    const alreadyExists = fs.existsSync(projectRules);
-    copyDir(packageRules, projectRules, alreadyExists);
+    copyDir(packageRules, projectRules, false);
   }
 
   // Copy settings.json (hook configuration) - ESSENTIAL for hooks to work
-  // Without this file, Claude Code has no idea hooks exist and won't run them
+  // ALWAYS update hooks section on every install/update to ensure new hook logic applies
   const packageSettings = path.join(PACKAGE_ROOT, '.claude', 'settings.json');
   const projectSettings = path.join(claudeDir, 'settings.json');
   if (fs.existsSync(packageSettings)) {
     if (fs.existsSync(projectSettings)) {
-      // Merge: inject our hooks into existing settings without overwriting other config
+      // Always merge hooks from package into existing settings
       try {
         const existing = JSON.parse(fs.readFileSync(projectSettings, 'utf-8'));
-        // Only merge if not already WogiFlow-managed (avoid duplicate hooks)
-        if (!existing._wogiFlowManaged) {
-          const ours = JSON.parse(fs.readFileSync(packageSettings, 'utf-8'));
-          existing.hooks = ours.hooks;
-          existing._wogiFlowManaged = true;
-          existing._wogiFlowVersion = ours._wogiFlowVersion || '1.0.0';
-          fs.writeFileSync(projectSettings, JSON.stringify(existing, null, 2), { mode: FILE_MODE });
-        }
-        // If already managed, leave as-is (user may have customized hook config)
+        const ours = JSON.parse(fs.readFileSync(packageSettings, 'utf-8'));
+        // Always update hooks (core WogiFlow functionality)
+        existing.hooks = ours.hooks;
+        existing._wogiFlowManaged = true;
+        existing._wogiFlowVersion = ours._wogiFlowVersion || '1.0.0';
+        fs.writeFileSync(projectSettings, JSON.stringify(existing, null, 2), { mode: FILE_MODE });
       } catch (err) {
         // Parse error on existing file - overwrite with ours
         if (process.env.DEBUG) {
@@ -231,8 +225,8 @@ function copyClaudeResources() {
  * Copy scripts from package to project (for npm update scenario)
  * This ensures scripts are updated on npm install/update
  *
- * Uses merge mode: new scripts are added, existing ones are NOT overwritten
- * This preserves user customizations while ensuring new scripts are available
+ * ALWAYS overwrites WogiFlow-owned scripts to ensure npm update applies changes.
+ * Hook scripts, core modules, and adapters must stay in sync with the package version.
  */
 function copyScriptsFromPackage() {
   const packageScripts = path.join(PACKAGE_ROOT, 'scripts');
@@ -245,9 +239,8 @@ function copyScriptsFromPackage() {
     return;
   }
 
-  // Use merge mode to add new scripts without overwriting customizations
-  const alreadyExists = fs.existsSync(projectScripts);
-  copyDir(packageScripts, projectScripts, alreadyExists);
+  // Always overwrite scripts to ensure npm update propagates hook/core changes
+  copyDir(packageScripts, projectScripts, false);
 
   // Make flow script executable
   const flowScript = path.join(projectScripts, 'flow');

package/scripts/test-hook-chain.js

@@ -0,0 +1,184 @@
+#!/usr/bin/env node
+/**
+ * Test the full hook chain: implementation-gate + adapter
+ *
+ * v5.3: Tests context injection (not blocking).
+ * When no active task, prompts are ALLOWED through with additionalContext
+ * that tells Claude to invoke /wogi-start automatically.
+ */
+
+// Clear module cache
+const keysToDelete = Object.keys(require.cache).filter(k =>
+  k.includes('implementation-gate') || k.includes('task-gate') ||
+  k.includes('claude-code') || k.includes('base-adapter') ||
+  k.includes('flow-utils')
+);
+keysToDelete.forEach(k => delete require.cache[k]);
+
+// Patch getReadyData before loading implementation-gate
+const utils = require('./flow-utils');
+let mockInProgress = [];
+utils.getReadyData = () => ({
+  ready: [],
+  inProgress: mockInProgress,
+  blocked: [],
+  recentlyCompleted: []
+});
+
+// Now load the modules
+const { checkImplementationGate } = require('./hooks/core/implementation-gate');
+const { claudeCodeAdapter } = require('./hooks/adapters/claude-code');
+
+let allPass = true;
+
+function assert(condition, name, details) {
+  console.log(condition ? '  PASS' : '  FAIL', '-', name);
+  if (!condition) {
+    if (details) console.log('   ', details);
+    allPass = false;
+  }
+}
+
+// ===================================================================
+// NO ACTIVE TASK → Context injection (NOT blocking)
+// Prompts go through with additionalContext telling Claude to invoke /wogi-start
+// ===================================================================
+console.log('=== NO ACTIVE TASK (should inject routing context, NOT block) ===');
+
+function testContextInjection(name, prompt) {
+  mockInProgress = [];
+  const result = checkImplementationGate({ prompt });
+  const adapted = claudeCodeAdapter.transformResult('UserPromptSubmit', result);
+
+  const notBlocked = adapted.decision !== 'block';
+  const hasContext = adapted.hookSpecificOutput?.additionalContext?.includes('wogi-start');
+  const noContinueFalse = adapted.continue !== false;
+
+  assert(notBlocked, `${name}: NOT blocked`);
+  assert(hasContext, `${name}: has routing context mentioning wogi-start`);
+  assert(noContinueFalse, `${name}: does not kill session`);
+
+  if (!notBlocked || !hasContext || !noContinueFalse) {
+    console.log('    Adapted:', JSON.stringify(adapted).slice(0, 200));
+  }
+}
+
+testContextInjection('Implementation request', 'add a logout button');
+testContextInjection('Question', 'what does this function do?');
+testContextInjection('Operational', 'push to github');
+testContextInjection('Random text', 'hello world');
+
+// ===================================================================
+// NO ACTIVE TASK → /wogi-* commands always pass clean (no context injection)
+// ===================================================================
+console.log('');
+console.log('=== NO ACTIVE TASK (/wogi-* commands pass clean) ===');
+
+function testCleanAllow(name, prompt) {
+  mockInProgress = [];
+  const result = checkImplementationGate({ prompt });
+  const adapted = claudeCodeAdapter.transformResult('UserPromptSubmit', result);
+
+  const notBlocked = adapted.decision !== 'block';
+  const isEmpty = Object.keys(adapted).length === 0;
+
+  assert(notBlocked, `${name}: NOT blocked`);
+  assert(isEmpty, `${name}: clean empty response (no context injection)`);
+}
+
+testCleanAllow('/wogi-start command', '/wogi-start add feature');
+testCleanAllow('/wogi-review command', '/wogi-review');
+testCleanAllow('/wogi-bug command', '/wogi-bug something broken');
+
+// ===================================================================
+// EMPTY/NULL PROMPTS → pass clean
+// ===================================================================
+console.log('');
+console.log('=== EMPTY/NULL PROMPTS (pass clean) ===');
+
+testCleanAllow('Empty prompt', '');
+testCleanAllow('Null prompt', null);
+testCleanAllow('Whitespace only', '   ');
+
+// ===================================================================
+// WITH ACTIVE TASK → everything passes clean
+// ===================================================================
+console.log('');
+console.log('=== WITH ACTIVE TASK (everything passes clean) ===');
+
+function testWithTask(name, prompt) {
+  mockInProgress = [{ id: 'wf-test', title: 'Test task', status: 'in_progress' }];
+  const result = checkImplementationGate({ prompt });
+  const adapted = claudeCodeAdapter.transformResult('UserPromptSubmit', result);
+
+  const notBlocked = adapted.decision !== 'block';
+  const isEmpty = Object.keys(adapted).length === 0;
+
+  assert(notBlocked, `${name}: NOT blocked`);
+  assert(isEmpty, `${name}: clean empty response`);
+}
+
+testWithTask('Implementation request', 'add a logout button');
+testWithTask('Question', 'what does this do?');
+testWithTask('Operational', 'push to github');
+
+// ===================================================================
+// ADAPTER FORMAT VERIFICATION
+// ===================================================================
+console.log('');
+console.log('=== ADAPTER FORMAT - No task (context injection) ===');
+
+mockInProgress = [];
+const noTaskResult = checkImplementationGate({ prompt: 'add a feature' });
+const noTaskAdapted = claudeCodeAdapter.transformResult('UserPromptSubmit', noTaskResult);
+
+assert(noTaskAdapted.decision !== 'block',
+  'No task: does NOT have decision:"block"');
+assert(noTaskAdapted.hookSpecificOutput?.hookEventName === 'UserPromptSubmit',
+  'No task: has hookEventName "UserPromptSubmit"');
+assert(typeof noTaskAdapted.hookSpecificOutput?.additionalContext === 'string',
+  'No task: has additionalContext string');
+assert(noTaskAdapted.hookSpecificOutput?.additionalContext?.includes('MANDATORY'),
+  'No task: context includes MANDATORY instruction');
+assert(noTaskAdapted.hookSpecificOutput?.additionalContext?.includes('wogi-start'),
+  'No task: context mentions wogi-start');
+assert(noTaskAdapted.continue !== false,
+  'No task: does NOT have continue:false (would kill session)');
+
+console.log('');
+console.log('=== ADAPTER FORMAT - With task (clean allow) ===');
+
+mockInProgress = [{ id: 'wf-test', title: 'Test', status: 'in_progress' }];
+const withTaskResult = checkImplementationGate({ prompt: 'add a feature' });
+const withTaskAdapted = claudeCodeAdapter.transformResult('UserPromptSubmit', withTaskResult);
+
+assert(Object.keys(withTaskAdapted).length === 0,
+  'With task: response is empty object {}');
+assert(withTaskAdapted.decision !== 'block',
+  'With task: no block decision');
+assert(withTaskAdapted.continue !== false,
+  'With task: no continue:false');
+
+// ===================================================================
+// CORE RESULT VERIFICATION
+// ===================================================================
+console.log('');
+console.log('=== CORE RESULT SHAPE ===');
+
+mockInProgress = [];
+const coreNoTask = checkImplementationGate({ prompt: 'build a dashboard' });
+assert(coreNoTask.allowed === true, 'Core no-task: allowed=true (not blocking)');
+assert(coreNoTask.blocked === false, 'Core no-task: blocked=false');
+assert(typeof coreNoTask.systemReminder === 'string', 'Core no-task: has systemReminder string');
+assert(coreNoTask.reason === 'no_active_task_route', 'Core no-task: reason is no_active_task_route');
+
+mockInProgress = [{ id: 'wf-test', title: 'Test', status: 'in_progress' }];
+const coreWithTask = checkImplementationGate({ prompt: 'build a dashboard' });
+assert(coreWithTask.allowed === true, 'Core with-task: allowed=true');
+assert(coreWithTask.blocked === false, 'Core with-task: blocked=false');
+assert(!coreWithTask.systemReminder, 'Core with-task: no systemReminder');
+assert(coreWithTask.reason === 'task_active', 'Core with-task: reason is task_active');
+
+console.log('');
+console.log(allPass ? 'ALL TESTS PASSED' : 'SOME TESTS FAILED');
+process.exit(allPass ? 0 : 1);