wogiflow 1.9.6 → 1.9.8

package/.claude/commands/wogi-onboard.md

@@ -701,7 +701,7 @@ Display:
     for (const reqs of [featureReqs, bugfixReqs, refactorReqs]) {
       reqs.push('requestLogEntry');
     }
-    featureReqs.push('appMapUpdate');
+    featureReqs.push('registryUpdate');
 
     config.qualityGates = {
       feature: { require: featureReqs },

package/.claude/commands/wogi-research.md

@@ -25,6 +25,46 @@ This command is **automatically triggered** (when strict mode is enabled) for:
 5. **Integration Questions**: "How to integrate X with Y?"
 6. **Comparison Questions**: "What can we learn from X?", "How does X compare to Y?"
 
+## Step 0: Config Loading (MANDATORY — before all phases)
+
+Before ANY research phase, read the project's config to determine depth, format, and verification requirements:
+
+```bash
+cat .workflow/config.json | grep -A 30 '"research"'
+```
+
+**Extract and apply these settings:**
+
+1. **Determine depth** (in priority order):
+   - CLI flag (`--deep`, `--quick`, etc.) → use that depth
+   - If auto-triggered (no flag): classify question type and look up `research.triggers`:
+     - Capability question ("Does X support Y?") → `triggers.capabilityQuestions` (default: `"standard"`)
+     - Feasibility question ("Is it possible to...") → `triggers.feasibilityQuestions` (default: `"deep"`)
+     - Existence question ("Is there a...") → `triggers.existenceQuestions` (default: `"standard"`)
+     - Architecture question ("How does X work?") → `triggers.architectureQuestions` (default: `"deep"`)
+     - Integration question ("How to integrate X with Y?") → `triggers.integrationQuestions` (default: `"deep"`)
+     - Comparison question ("How does X compare to Y?") → `triggers.comparisonQuestions` (default: `"deep"`)
+   - Fallback: `research.defaultDepth` (default: `"standard"`)
+
+2. **Apply format flags** from config:
+   - `requireVerificationFormat: true` → ALL assumptions must have `[VERIFIED]`/`[UNVERIFIED]` markers
+   - `requireCitations: true` → ALL claims must have an Evidence Chain entry
+   - `assumptionTracking: true` → Assumption Stack table is MANDATORY in output
+   - `negativeEvidenceRule: true` → Negative claims require exhaustive search evidence
+
+3. **Display header block** (MANDATORY):
+   ```markdown
+   ## Research Report
+   **Question:** [the question]
+   **Depth:** [resolved depth from step 1]
+   **Flow:** [Standard/Comparison]
+   **Config applied:** requireVerification=[yes/no], citations=[yes/no], assumptionTracking=[yes/no]
+   ```
+
+**If config.json has no `research` section or is unreadable**: use defaults (depth: standard, all format flags: true).
+
+---
+
 ## Research Protocol Phases
 
 There are two flows depending on question type:
@@ -199,6 +239,7 @@ In `.workflow/config.json`:
     "enabled": true,
     "defaultDepth": "standard",
     "autoTrigger": true,
+    "requireVerificationFormat": true,
     "maxTokensPerDepth": {
       "quick": 5000,
       "standard": 20000,
@@ -210,7 +251,15 @@ In `.workflow/config.json`:
     "cacheExpiryHours": 24,
     "budgetMode": "soft",
     "negativeEvidenceRule": true,
-    "assumptionTracking": true
+    "assumptionTracking": true,
+    "triggers": {
+      "capabilityQuestions": "standard",
+      "feasibilityQuestions": "deep",
+      "existenceQuestions": "standard",
+      "architectureQuestions": "deep",
+      "integrationQuestions": "deep",
+      "comparisonQuestions": "deep"
+    }
   }
 }
 ```
@@ -269,6 +318,26 @@ When `research.requireCitations` is enabled and `research.autoTrigger` is true:
 - Claims without citations are flagged
 - Negative claims require exhaustive search evidence
 
+## Output Checklist (MANDATORY — self-verify before presenting)
+
+Before presenting ANY research report, verify ALL of these are present. If any is missing, add it before outputting.
+
+| # | Check | Required When |
+|---|-------|---------------|
+| 1 | **Header block** with Question, Depth, Flow, Config applied | Always |
+| 2 | **Conclusion** section with direct answer | Always |
+| 3 | **Assumption Stack** table with `[VERIFIED]`/`[UNVERIFIED]` markers | `assumptionTracking: true` (default) |
+| 4 | **Evidence Chain** table with Claim, Source Type, Source Location, Confidence | `requireCitations: true` (default) |
+| 5 | **Confidence level** (HIGH/MEDIUM/LOW) | Always |
+| 6 | **Searches Performed** list (web + local) | Always |
+| 7 | **Negative Evidence format** for any "X doesn't exist" claims | `negativeEvidenceRule: true` (default) |
+| 8 | **Comparison table** (External Feature / Local Equivalent / Status) | Comparison flow only |
+| 9 | **Recommendation Verification** (EXISTS/PARTIAL/MISSING markers) | Comparison flow only |
+
+**Self-check prompt**: "Have I included all mandatory sections per config? Is every assumption marked? Is every claim cited?"
+
+If the report is missing any required section, DO NOT present it — add the missing section first.
+
 ## CLI Compatibility
 
 This command currently supports Claude Code only.

package/.claude/commands/wogi-start.md

@@ -302,7 +302,7 @@ If violations found: fix, re-run, only proceed when all pass. Violations auto-re
 **First**: Run `node node_modules/wogiflow/scripts/flow-spec-verifier.js verify wf-XXXXXXXX` — verify all spec deliverables exist. If missing → STOP, create them.
 
 **Then**: Check `config.qualityGates` for task type. Gates are type-specific:
-- **feature**: loopComplete, tests, appMapUpdate, requestLogEntry, integrationWiring, standardsCompliance
+- **feature**: loopComplete, tests, registryUpdate, requestLogEntry, integrationWiring, standardsCompliance
 - **bugfix**: loopComplete, tests, requestLogEntry, standardsCompliance, learningEnforcement
 - **refactor**: loopComplete, tests, noNewFeatures, smokeTest, standardsCompliance
 - **chore**: requestLogEntry, outstandingFindings
@@ -311,7 +311,8 @@ If violations found: fix, re-run, only proceed when all pass. Violations auto-re
 
 **Fallback behavior**: Task types not listed above (docs, style, test, perf, etc.) inherit the **feature** gates. This is intentional — feature gates are the most comprehensive and serve as a safe default.
 
-**Key automated gates** (v1.9.2):
+**Key automated gates** (v1.9.7):
+- `registryUpdate` → runs `flow registry-manager scan` on ALL active registries (app-map, function-map, api-map, schema-map, service-map). Auto-updates maps when new entries found. Replaces old `appMapUpdate` no-op gate.
 - `integrationWiring` → calls `verifyWiring()` — checks created files are imported/used
 - `standardsCompliance` → calls `runTaskStandardsCheck()` — checks naming, security, decisions.md rules
 - `outstandingFindings` → reads `last-review.json` — blocks if unresolved critical/high findings exist
@@ -328,7 +329,7 @@ Reflection: "Have I introduced any bugs or regressions?"
 1. Reflection: "Does this match what the user asked for?"
 2. Close out all TodoWrite items for this task
 3. Move task to recentlyCompleted in ready.json
-4. Update request-log.md, app-map.md, function-map.md, api-map.md as needed
+4. Registry maps auto-updated by `registryUpdate` quality gate (runs `flow registry-manager scan` on all active registries — app-map, function-map, api-map, schema-map, service-map)
 5. If `config.webmcp.enabled` and UI files created: run `node node_modules/wogiflow/scripts/flow-webmcp-generator.js scan`
 6. Commit: `feat: Complete wf-XXXXXXXX - [title]`
 7. Show completion summary

package/.claude/docs/config-reference.md

@@ -163,7 +163,7 @@ Customize which checks are required per task type.
 {
   "qualityGates": {
     "feature": {
-      "require": ["loopComplete", "tests", "appMapUpdate", "requestLogEntry"],
+      "require": ["loopComplete", "tests", "registryUpdate", "requestLogEntry"],
       "optional": ["review"]
     },
     "bugfix": {
@@ -174,7 +174,7 @@ Customize which checks are required per task type.
 }
 ```
 
-**Available gates**: `loopComplete`, `tests`, `generatedTestsPass`, `uiVerification`, `apiVerification`, `appMapUpdate`, `requestLogEntry`, `integrationWiring`, `standardsCompliance`, `outstandingFindings`, `preRelease`, `noNewFeatures`, `smokeTest`, `learningEnforcement`, `review`, `docs`, `webmcpVerification`
+**Available gates**: `loopComplete`, `tests`, `generatedTestsPass`, `uiVerification`, `apiVerification`, `registryUpdate`, `requestLogEntry`, `integrationWiring`, `standardsCompliance`, `outstandingFindings`, `preRelease`, `noNewFeatures`, `smokeTest`, `learningEnforcement`, `review`, `docs`, `webmcpVerification`
 
 **Task types**: `feature`, `bugfix`, `refactor`, `chore`, `release`, `fix`
 

package/.claude/docs/knowledge-base/02-task-execution/03-verification.md

@@ -62,7 +62,7 @@ Quality gates are requirements that must pass before a task can be completed.
 {
   "qualityGates": {
     "feature": {
-      "require": ["tests", "appMapUpdate", "requestLogEntry"],
+      "require": ["tests", "registryUpdate", "requestLogEntry"],
       "optional": ["review", "docs"]
     },
     "bugfix": {
@@ -84,7 +84,7 @@ Quality gates are requirements that must pass before a task can be completed.
 | `tests` | npm test passes |
 | `lint` | npm run lint passes (with auto-fix) |
 | `typecheck` | npm run typecheck passes |
-| `appMapUpdate` | New components added to app-map.md |
+| `registryUpdate` | All registry maps (app-map, function-map, api-map, schema-map, service-map) auto-scanned |
 | `requestLogEntry` | Task logged in request-log.md |
 | `noNewFeatures` | (Refactor) No new functionality added |
 | `integrationWiring` | Created files are imported/used somewhere (not orphaned) |
@@ -134,7 +134,7 @@ Running quality gates...
   ✓ lint passed (auto-fixed)
   ✓ typecheck passed
   ✓ requestLogEntry (found in request-log)
-  ○ appMapUpdate (verify manually if components created)
+  ✓ registryUpdate (auto-scanned: app-map.md updated)
 
 All gates passed!
 ```

package/.claude/docs/knowledge-base/02-task-execution/05-session-review.md

@@ -196,7 +196,7 @@ Session review can be added to quality gates:
 {
   "qualityGates": {
     "feature": {
-      "require": ["tests", "sessionReview", "appMapUpdate"]
+      "require": ["tests", "sessionReview", "registryUpdate"]
     }
   }
 }

package/.claude/docs/knowledge-base/02-task-execution/README.md

@@ -122,7 +122,7 @@ Comprehensive code review before finalizing changes.
   },
   "qualityGates": {
     "feature": {
-      "require": ["tests", "appMapUpdate", "requestLogEntry"]
+      "require": ["tests", "registryUpdate", "requestLogEntry"]
     }
   }
 }

package/.claude/docs/knowledge-base/02-task-execution/trade-offs.md

@@ -141,7 +141,7 @@ Every configuration decision in WogiFlow involves trade-offs. Understanding thes
 {
   "qualityGates": {
     "feature": {
-      "require": ["tests", "lint", "typecheck", "appMapUpdate", "requestLogEntry", "review"]
+      "require": ["tests", "lint", "typecheck", "registryUpdate", "requestLogEntry", "review"]
     }
   }
 }

package/.claude/docs/knowledge-base/configuration/README.md

@@ -127,7 +127,7 @@ cat .workflow/config.json
   },
   "qualityGates": {
     "feature": {
-      "require": ["tests", "appMapUpdate", "requestLogEntry", "review"]
+      "require": ["tests", "registryUpdate", "requestLogEntry", "review"]
     }
   }
 }

package/.claude/docs/knowledge-base/configuration/all-options.md

@@ -410,7 +410,7 @@ Per-task-type quality requirements that must pass before task completion.
   "qualityGates": {
     "preTaskBaseline": { "enabled": false },
     "feature": {
-      "require": ["loopComplete", "tests", "appMapUpdate", "requestLogEntry", "integrationWiring", "standardsCompliance"],
+      "require": ["loopComplete", "tests", "registryUpdate", "requestLogEntry", "integrationWiring", "standardsCompliance"],
       "optional": ["review", "docs", "webmcpVerification"]
     },
     "bugfix": {
@@ -433,7 +433,7 @@ Per-task-type quality requirements that must pass before task completion.
 | `qualityGates.bugfix.require` | string[] | See above | Required gates for bugfix tasks |
 | `qualityGates.refactor.require` | string[] | See above | Required gates for refactor tasks |
 
-Available gate values: `loopComplete`, `tests`, `appMapUpdate`, `requestLogEntry`, `integrationWiring`, `standardsCompliance`, `learningEnforcement`, `resolutionPopulated`, `noNewFeatures`, `smokeTest`, `review`, `docs`, `webmcpVerification`.
+Available gate values: `loopComplete`, `tests`, `registryUpdate`, `requestLogEntry`, `integrationWiring`, `standardsCompliance`, `learningEnforcement`, `resolutionPopulated`, `noNewFeatures`, `smokeTest`, `review`, `docs`, `webmcpVerification`.
 
 ---
 

package/.workflow/templates/claude-md.hbs

@@ -210,12 +210,9 @@ When creating tasks programmatically, always call `generateTaskId(title)` — ne
 
 ### After Completing:
 1. Update `request-log.md` with tags
-2. Update `app-map.md` if components created/deleted/renamed
-3. Update `function-map.md` if utilities created/deleted/renamed — run `npx flow function-index scan`
-4. Update `api-map.md` if endpoints created/deleted/renamed — run `npx flow api-index scan`
-5. Update other active registry maps if relevant — run `npx flow registry-manager scan`
-6. Run quality gates (lint, typecheck, test)
-7. Provide completion report
+2. Registry maps (app-map, function-map, api-map, schema-map, service-map) are **auto-updated** by the `registryUpdate` quality gate — it runs `flow registry-manager scan` on all active registries
+3. Run quality gates (lint, typecheck, test)
+4. Provide completion report
 
 ## Auto-Validation (CRITICAL)
 

package/lib/utils.js

@@ -40,7 +40,7 @@ function findProjectRoot() {
 /**
  * Safely parse JSON content with prototype pollution protection
  *
- * Note: For parsing JSON files, use safeJsonParseFile from flow-file-ops.js
+ * Note: For parsing JSON files, use safeJsonParse from flow-utils.js
  * or safeReadJson from this module instead.
  *
  * @param {string} content - JSON string to parse

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wogiflow",
-  "version": "1.9.6",
+  "version": "1.9.8",
   "description": "AI-powered development workflow management system with multi-model support",
   "main": "lib/index.js",
   "bin": {
@@ -9,8 +9,6 @@
   },
   "scripts": {
     "flow": "./scripts/flow",
-    "test": "node mcp-memory-server/test.js",
-    "memory-server": "node mcp-memory-server/index.js",
     "postinstall": "node scripts/postinstall.js",
     "preuninstall": "node scripts/preuninstall.js"
   },
@@ -58,10 +56,9 @@
   },
   "homepage": "https://github.com/Tomer-Wogi/WogiFlow#readme",
   "dependencies": {
-    "sql.js": "^1.10.0"
+    "sql.js": "^1.14.1"
   },
   "optionalDependencies": {
-    "@modelcontextprotocol/sdk": "^1.0.0",
     "@xenova/transformers": "^2.15.0"
   },
   "engines": {

package/scripts/flow-config-defaults.js

@@ -302,7 +302,7 @@ const CONFIG_DEFAULTS = {
   qualityGates: {
     preTaskBaseline: { enabled: false },
     feature: {
-      require: ['loopComplete', 'tests', 'generatedTestsPass', 'uiVerification', 'apiVerification', 'appMapUpdate', 'requestLogEntry', 'integrationWiring', 'standardsCompliance'],
+      require: ['loopComplete', 'tests', 'generatedTestsPass', 'uiVerification', 'apiVerification', 'registryUpdate', 'requestLogEntry', 'integrationWiring', 'standardsCompliance'],
       optional: ['review', 'docs', 'webmcpVerification']
     },
     bugfix: {

package/scripts/flow-consistency-check.js

@@ -511,10 +511,6 @@ function runConsistencyCheck(options = {}) {
     }
   }
 
-  // TODO: Implement crossMapConsistency check (config key exists but check is not yet implemented)
-  // This would verify that components referenced in one map exist in others
-  // (e.g., a function used by a component is also in function-map)
-
   // Determine overall status
   const mode = consistencyConfig.mode || 'warn';
   const orphanMode = consistencyConfig.orphanMode || 'warn';

package/scripts/flow-context-estimator.js

@@ -13,7 +13,7 @@
 
 const fs = require('fs');
 const path = require('path');
-const { getConfig, PATHS, safeJsonParse } = require('./flow-utils');
+const { getConfig, PATHS, safeJsonParse, validateTaskId } = require('./flow-utils');
 
 /**
  * Default estimation config (can be overridden in config.json)
@@ -33,20 +33,6 @@ const DEFAULT_REFACTOR_KEYWORDS = [
   'restructure', 'rearchitect', 'modernize', 'upgrade'
 ];
 
-// Valid task ID pattern — enforces wf-[8 hex] format and prevents path traversal
-// Also accepts legacy TASK-NNN/BUG-NNN and sub-tasks wf-XXXXXXXX-NN
-const VALID_TASK_ID_PATTERN = /^(wf-[a-f0-9]{8}(-\d{2})?|(TASK|BUG)-\d{3,})$/i;
-
-/**
- * Validate task ID format — must be wf-[8 hex chars] or legacy TASK-NNN/BUG-NNN.
- * Also prevents path traversal attacks.
- * @param {string} taskId - Task ID to validate
- * @returns {boolean} True if valid
- */
-function isValidTaskId(taskId) {
-  return typeof taskId === 'string' && VALID_TASK_ID_PATTERN.test(taskId);
-}
-
 /**
  * Get smart compaction config from config.json
  * @returns {Object} Smart compaction configuration
@@ -90,7 +76,7 @@ function getSmartCompactionConfig() {
  */
 function readSpecFile(taskId) {
   // Validate taskId to prevent path traversal (Security Rule)
-  if (!isValidTaskId(taskId)) {
+  if (!validateTaskId(taskId).valid) {
     return null;
   }
 
@@ -476,7 +462,7 @@ if (require.main === module) {
     const taskId = args[1];
 
     // Validate taskId to prevent path traversal
-    if (!isValidTaskId(taskId)) {
+    if (!validateTaskId(taskId).valid) {
       console.error(`Invalid task ID format: ${taskId}`);
       console.error('Task IDs must contain only alphanumeric characters, hyphens, and underscores.');
       process.exit(1);
@@ -521,7 +507,7 @@ if (require.main === module) {
     const taskId = args[1];
 
     // Validate taskId to prevent path traversal
-    if (!isValidTaskId(taskId)) {
+    if (!validateTaskId(taskId).valid) {
       console.error(`Invalid task ID format: ${taskId}`);
       console.error('Task IDs must contain only alphanumeric characters, hyphens, and underscores.');
       process.exit(1);
@@ -775,8 +761,6 @@ module.exports = {
   formatEstimationResult,
   extractCriteriaCount,
   extractFileCount,
-  isValidTaskId,
-  VALID_TASK_ID_PATTERN,
   // Finding-level estimation (for review-fix sessions)
   estimateFindingContextCost,
   calculateDynamicBatchSize,

package/scripts/flow-correct.js

@@ -23,6 +23,7 @@ const {
   dirExists,
   readFile,
   writeFile,
+  getConfig,
   color,
   success,
   warn,
@@ -35,7 +36,7 @@ const {
 
 function getCorrectionsDir() {
   try {
-    const config = JSON.parse(fs.readFileSync(PATHS.config, 'utf-8'));
+    const config = getConfig();
     const detailPath = config?.corrections?.detailPath;
     if (detailPath) {
       return path.isAbsolute(detailPath) ? detailPath : path.join(PROJECT_ROOT, detailPath);

package/scripts/flow-decision-tracker.js

@@ -22,10 +22,10 @@
 
 const fs = require('fs');
 const path = require('path');
-const crypto = require('crypto');
 const {
   PATHS,
   getConfig,
+  generateHashId,
   success,
   warn,
   error,
@@ -163,7 +163,7 @@ function recordAmendment(params) {
   }
 
   // Generate amendment record
-  const id = `amend-${crypto.randomBytes(4).toString('hex')}`;
+  const id = generateHashId('amend', '', '');
   const amendment = {
     id,
     timestamp: new Date().toISOString(),

package/scripts/flow-done.js

@@ -121,6 +121,20 @@ try {
 // v5.2 verification profiles
 const { loadProfile: loadVerificationProfile } = require('./flow-verification-profile');
 
+// v1.9.7 registry map update gate — lazy-loaded to avoid startup cost
+// Loaded inside the registryUpdate gate branch only
+let _registryManagerModule = undefined; // undefined = not yet loaded, null = load failed
+function getRegistryManager() {
+  if (_registryManagerModule === undefined) {
+    try {
+      _registryManagerModule = require('./flow-registry-manager');
+    } catch (err) {
+      _registryManagerModule = null;
+    }
+  }
+  return _registryManagerModule;
+}
+
 // Path for last failure artifact
 const LAST_FAILURE_PATH = path.join(PATHS.state, 'last-failure.json');
 
@@ -196,7 +210,7 @@ function checkOutstandingFindings() {
  */
 function runQualityGates(taskId, taskType) {
   // Validate taskId before using in any path construction
-  if (taskId && !validateTaskId(taskId)) {
+  if (taskId && !validateTaskId(taskId).valid) {
     console.log(color('red', `Invalid task ID format: ${String(taskId).slice(0, 30)}`));
     return { passed: false, failed: ['invalidTaskId'], errors: { invalidTaskId: 'Task ID failed validation' } };
   }
@@ -338,8 +352,111 @@ function runQualityGates(taskId, taskType) {
         if (process.env.DEBUG) console.error(`[DEBUG] requestLogEntry check: ${err.message}`);
         console.log(`  ${color('yellow', '○')} requestLogEntry (could not check)`);
       }
-    } else if (gate === 'appMapUpdate') {
-      console.log(`  ${color('yellow', '○')} appMapUpdate (verify manually if components created)`);
+    } else if (gate === 'appMapUpdate' || gate === 'registryUpdate') {
+      // v1.9.7: Programmatic registry scan — replaces manual "verify manually" no-op.
+      // Runs flow-registry-manager scan on all active registries, comparing modified files
+      // against registry entries to detect missing registrations.
+      // v1.9.8: Deprecation warning for old gate name
+      if (gate === 'appMapUpdate') {
+        console.log(`  ${color('yellow', '⚠')} appMapUpdate is deprecated — update config.json qualityGates to use 'registryUpdate'`);
+      }
+      const registryMod = getRegistryManager();
+      if (registryMod) {
+        try {
+          console.log('  Running registry update check...');
+          const modifiedFiles = getModifiedFiles();
+
+          // Get map file timestamps BEFORE scan (to detect changes)
+          const mapFiles = ['app-map.md', 'function-map.md', 'api-map.md', 'schema-map.md', 'service-map.md'];
+          const beforeHashes = {};
+          for (const mf of mapFiles) {
+            const mapPath = path.join(PATHS.state, mf);
+            try {
+              beforeHashes[mf] = fs.existsSync(mapPath) ? fs.statSync(mapPath).mtimeMs : 0;
+            } catch (err) {
+              beforeHashes[mf] = 0;
+            }
+          }
+
+          // Detect active plugins to check if scan is needed (lightweight, no async)
+          const { RegistryManager } = registryMod;
+          const manager = new RegistryManager();
+          manager.loadPlugins();
+          manager.detectStack();
+          manager.activatePlugins();
+
+          // Only scan if there are active plugins
+          if (manager.activePlugins.length > 0) {
+            // scanAll is async but we need sync behavior in quality gates
+            // Use spawnSync to run the scan as a child process
+            // v1.9.8: Added cwd, write JSON to stderr to avoid stdout pollution from require() side-effects
+            const scanResult = spawnSync('node', [
+              '-e',
+              `const {RegistryManager} = require(${JSON.stringify(path.join(__dirname, 'flow-registry-manager'))});
+              const m = new RegistryManager(); m.loadPlugins(); m.detectStack(); m.activatePlugins();
+              m.scanAll().then(r => { process.stderr.write('SCAN_RESULT:' + JSON.stringify(r)); process.exit(0); })
+              .catch(err => { process.stderr.write('SCAN_RESULT:' + JSON.stringify({error: err.message})); process.exit(1); });`
+            ], {
+              encoding: 'utf-8',
+              stdio: ['pipe', 'pipe', 'pipe'],
+              timeout: 30000,
+              cwd: process.cwd()
+            });
+
+            if (scanResult.status === 0) {
+              // Extract scan result from stderr (after SCAN_RESULT: marker) to avoid stdout pollution
+              const stderrOutput = scanResult.stderr || '';
+              const markerIdx = stderrOutput.indexOf('SCAN_RESULT:');
+              const jsonStr = markerIdx >= 0 ? stderrOutput.slice(markerIdx + 'SCAN_RESULT:'.length) : '{}';
+              const results = safeJsonParseString(jsonStr, {});
+
+              // Check which map files were updated
+              const updatedMaps = [];
+              for (const mf of mapFiles) {
+                const mapPath = path.join(PATHS.state, mf);
+                try {
+                  const afterMtime = fs.existsSync(mapPath) ? fs.statSync(mapPath).mtimeMs : 0;
+                  if (afterMtime > beforeHashes[mf]) {
+                    updatedMaps.push(mf);
+                  }
+                } catch (err) {
+                  // ignore
+                }
+              }
+
+              // Check if modified files include patterns that should be in registries
+              const relevantExtensions = ['.js', '.ts', '.jsx', '.tsx', '.vue', '.svelte'];
+              const codeFiles = modifiedFiles.filter(f => relevantExtensions.some(ext => f.endsWith(ext)));
+              const nonTestFiles = codeFiles.filter(f => !f.includes('test') && !f.includes('spec') && !f.includes('__test'));
+
+              const activeIds = manager.activePlugins.map(p => p.constructor.id);
+              const scanSummary = Object.entries(results)
+                .filter(([id, r]) => r.success && !r.empty)
+                .map(([id]) => id);
+
+              if (updatedMaps.length > 0) {
+                console.log(`  ${color('green', '✓')} registryUpdate (auto-scanned: ${updatedMaps.join(', ')} updated)`);
+              } else if (scanSummary.length > 0) {
+                console.log(`  ${color('green', '✓')} registryUpdate (scanned ${activeIds.join(', ')} — maps already current)`);
+              } else if (nonTestFiles.length === 0) {
+                console.log(`  ${color('green', '✓')} registryUpdate (no registrable code files modified)`);
+              } else {
+                console.log(`  ${color('green', '✓')} registryUpdate (scanned — no new entries found)`);
+              }
+            } else {
+              console.log(`  ${color('yellow', '⚠')} registryUpdate (scan error — degraded to manual check)`);
+              if (process.env.DEBUG) console.error(`[DEBUG] registry scan stderr: ${scanResult.stderr}`);
+            }
+          } else {
+            console.log(`  ${color('green', '✓')} registryUpdate (no active registry plugins)`);
+          }
+        } catch (err) {
+          // Graceful degradation — don't block task completion on scan errors
+          console.log(`  ${color('yellow', '⚠')} registryUpdate (error: ${truncateOutput(err.message, 3, 200)} — verify manually)`);
+        }
+      } else {
+        console.log(`  ${color('yellow', '⚠')} registryUpdate (registry manager not available — verify manually)`);
+      }
     } else if (gate === 'loopComplete') {
       // v2.1: Explicit loop completion check
       const activeLoop = getActiveLoop();
@@ -553,7 +670,7 @@ function runQualityGates(taskId, taskType) {
       }
     } else if (gate === 'generatedTestsPass') {
       if (config.testing?.enabled && config.testing?.generation?.autoGenerate) {
-        if (!validateTaskId(taskId)) {
+        if (!validateTaskId(taskId).valid) {
           console.log(`  ${color('yellow', '⚠')} generatedTestsPass (invalid task ID)`);
         } else {
           const testDir = path.join(PATHS.workflow, 'tests', 'generated', taskId);
@@ -610,7 +727,7 @@ function runQualityGates(taskId, taskType) {
       const gateModes = isUI ? ['ui', 'full', 'auto'] : ['api', 'full', 'auto'];
       const testingMode = config.testing?.mode || 'off';
       if (config.testing?.enabled && gateModes.includes(testingMode)) {
-        if (!validateTaskId(taskId)) {
+        if (!validateTaskId(taskId).valid) {
           console.log(`  ${color('yellow', '⚠')} ${gate} (invalid task ID)`);
         } else {
           try {
@@ -661,7 +778,7 @@ function runQualityGates(taskId, taskType) {
           }
 
           // Also check scenario verification results if available
-          if (!isUI && validateTaskId(taskId)) {
+          if (!isUI && validateTaskId(taskId).valid) {
             const scenarioReportPath = path.join(PATHS.workflow, 'verifications', `${taskId}-scenarios.json`);
             if (fs.existsSync(scenarioReportPath)) {
               try {

package/scripts/flow-entropy-monitor.js

@@ -17,40 +17,19 @@
 const fs = require('fs');
 const path = require('path');
 const memoryDb = require('./flow-memory-db');
+const { getConfig } = require('./flow-config-loader');
+const { color } = require('./flow-output');
 
 // ============================================================
 // Configuration
 // ============================================================
 
 const PROJECT_ROOT = process.env.WOGI_PROJECT_ROOT || process.cwd();
-const CONFIG_PATH = path.join(PROJECT_ROOT, '.workflow', 'config.json');
-
-function loadConfig() {
-  try {
-    if (fs.existsSync(CONFIG_PATH)) {
-      return JSON.parse(fs.readFileSync(CONFIG_PATH, 'utf-8'));
-    }
-  } catch {}
-  return {};
-}
 
 // ============================================================
 // Output Formatting
 // ============================================================
 
-function color(c, text) {
-  const colors = {
-    red: '\x1b[31m',
-    green: '\x1b[32m',
-    yellow: '\x1b[33m',
-    blue: '\x1b[34m',
-    cyan: '\x1b[36m',
-    gray: '\x1b[90m',
-    reset: '\x1b[0m'
-  };
-  return `${colors[c] || ''}${text}${colors.reset}`;
-}
-
 function formatEntropy(entropy) {
   if (entropy < 0.4) return color('green', `${entropy} (healthy)`);
   if (entropy < 0.7) return color('yellow', `${entropy} (moderate)`);
@@ -299,7 +278,7 @@ async function showPromotionCandidates(config) {
 
 async function main() {
   const args = process.argv.slice(2);
-  const config = loadConfig();
+  const config = getConfig();
 
   try {
     if (args.includes('--auto')) {