wogiflow 1.9.7 → 1.9.9

package/lib/installer.js

@@ -532,6 +532,14 @@ function createWorkflowStructure(projectRoot, config) {
   });
   fs.writeFileSync(configPath, JSON.stringify(configContent, null, 2));
 
+  // Sync .gitignore entries for enabled features
+  try {
+    const { syncGitignore } = require('../scripts/flow-gitignore');
+    syncGitignore(configContent);
+  } catch (err) {
+    // Non-blocking — gitignore sync should never fail installation
+  }
+
   // Create ready.json
   const readyPath = path.join(workflowDir, 'state', 'ready.json');
   const readyContent = {

package/lib/utils.js

@@ -40,7 +40,7 @@ function findProjectRoot() {
 /**
  * Safely parse JSON content with prototype pollution protection
  *
- * Note: For parsing JSON files, use safeJsonParseFile from flow-file-ops.js
+ * Note: For parsing JSON files, use safeJsonParse from flow-utils.js
  * or safeReadJson from this module instead.
  *
  * @param {string} content - JSON string to parse

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wogiflow",
-  "version": "1.9.7",
+  "version": "1.9.9",
   "description": "AI-powered development workflow management system with multi-model support",
   "main": "lib/index.js",
   "bin": {
@@ -9,8 +9,6 @@
   },
   "scripts": {
     "flow": "./scripts/flow",
-    "test": "node mcp-memory-server/test.js",
-    "memory-server": "node mcp-memory-server/index.js",
     "postinstall": "node scripts/postinstall.js",
     "preuninstall": "node scripts/preuninstall.js"
   },
@@ -58,10 +56,9 @@
   },
   "homepage": "https://github.com/Tomer-Wogi/WogiFlow#readme",
   "dependencies": {
-    "sql.js": "^1.10.0"
+    "sql.js": "^1.14.1"
   },
   "optionalDependencies": {
-    "@modelcontextprotocol/sdk": "^1.0.0",
     "@xenova/transformers": "^2.15.0"
   },
   "engines": {

package/scripts/flow-config-loader.js

@@ -518,6 +518,14 @@ async function setConfigValue(configPath, newValue) {
     obj[parts[parts.length - 1]] = newValue;
     writeJson(PATHS.config, config);
     invalidateConfigCache();
+
+    // Auto-sync .gitignore when config changes enable features with runtime artifacts
+    try {
+      const { syncGitignore } = require('./flow-gitignore');
+      syncGitignore(config);
+    } catch (err) {
+      // Non-blocking — gitignore sync should never fail config writes
+    }
   } finally {
     if (release) release();
   }
@@ -548,6 +556,14 @@ function setConfigValueSync(configPath, newValue) {
   obj[parts[parts.length - 1]] = newValue;
   writeJson(PATHS.config, config);
   invalidateConfigCache();
+
+  // Auto-sync .gitignore when config changes enable features with runtime artifacts
+  try {
+    const { syncGitignore } = require('./flow-gitignore');
+    syncGitignore(config);
+  } catch (err) {
+    // Non-blocking — gitignore sync should never fail config writes
+  }
 }
 
 /**

package/scripts/flow-consistency-check.js

@@ -511,10 +511,6 @@ function runConsistencyCheck(options = {}) {
     }
   }
 
-  // TODO: Implement crossMapConsistency check (config key exists but check is not yet implemented)
-  // This would verify that components referenced in one map exist in others
-  // (e.g., a function used by a component is also in function-map)
-
   // Determine overall status
   const mode = consistencyConfig.mode || 'warn';
   const orphanMode = consistencyConfig.orphanMode || 'warn';

package/scripts/flow-context-estimator.js

@@ -13,7 +13,7 @@
 
 const fs = require('fs');
 const path = require('path');
-const { getConfig, PATHS, safeJsonParse } = require('./flow-utils');
+const { getConfig, PATHS, safeJsonParse, validateTaskId } = require('./flow-utils');
 
 /**
  * Default estimation config (can be overridden in config.json)
@@ -33,20 +33,6 @@ const DEFAULT_REFACTOR_KEYWORDS = [
   'restructure', 'rearchitect', 'modernize', 'upgrade'
 ];
 
-// Valid task ID pattern — enforces wf-[8 hex] format and prevents path traversal
-// Also accepts legacy TASK-NNN/BUG-NNN and sub-tasks wf-XXXXXXXX-NN
-const VALID_TASK_ID_PATTERN = /^(wf-[a-f0-9]{8}(-\d{2})?|(TASK|BUG)-\d{3,})$/i;
-
-/**
- * Validate task ID format — must be wf-[8 hex chars] or legacy TASK-NNN/BUG-NNN.
- * Also prevents path traversal attacks.
- * @param {string} taskId - Task ID to validate
- * @returns {boolean} True if valid
- */
-function isValidTaskId(taskId) {
-  return typeof taskId === 'string' && VALID_TASK_ID_PATTERN.test(taskId);
-}
-
 /**
  * Get smart compaction config from config.json
  * @returns {Object} Smart compaction configuration
@@ -90,7 +76,7 @@ function getSmartCompactionConfig() {
  */
 function readSpecFile(taskId) {
   // Validate taskId to prevent path traversal (Security Rule)
-  if (!isValidTaskId(taskId)) {
+  if (!validateTaskId(taskId).valid) {
     return null;
   }
 
@@ -476,7 +462,7 @@ if (require.main === module) {
     const taskId = args[1];
 
     // Validate taskId to prevent path traversal
-    if (!isValidTaskId(taskId)) {
+    if (!validateTaskId(taskId).valid) {
       console.error(`Invalid task ID format: ${taskId}`);
       console.error('Task IDs must contain only alphanumeric characters, hyphens, and underscores.');
       process.exit(1);
@@ -521,7 +507,7 @@ if (require.main === module) {
     const taskId = args[1];
 
     // Validate taskId to prevent path traversal
-    if (!isValidTaskId(taskId)) {
+    if (!validateTaskId(taskId).valid) {
       console.error(`Invalid task ID format: ${taskId}`);
       console.error('Task IDs must contain only alphanumeric characters, hyphens, and underscores.');
       process.exit(1);
@@ -775,8 +761,6 @@ module.exports = {
   formatEstimationResult,
   extractCriteriaCount,
   extractFileCount,
-  isValidTaskId,
-  VALID_TASK_ID_PATTERN,
   // Finding-level estimation (for review-fix sessions)
   estimateFindingContextCost,
   calculateDynamicBatchSize,

package/scripts/flow-correct.js

@@ -23,6 +23,7 @@ const {
   dirExists,
   readFile,
   writeFile,
+  getConfig,
   color,
   success,
   warn,
@@ -35,7 +36,7 @@ const {
 
 function getCorrectionsDir() {
   try {
-    const config = JSON.parse(fs.readFileSync(PATHS.config, 'utf-8'));
+    const config = getConfig();
     const detailPath = config?.corrections?.detailPath;
     if (detailPath) {
       return path.isAbsolute(detailPath) ? detailPath : path.join(PROJECT_ROOT, detailPath);

package/scripts/flow-decision-tracker.js

@@ -22,10 +22,10 @@
 
 const fs = require('fs');
 const path = require('path');
-const crypto = require('crypto');
 const {
   PATHS,
   getConfig,
+  generateHashId,
   success,
   warn,
   error,
@@ -163,7 +163,7 @@ function recordAmendment(params) {
   }
 
   // Generate amendment record
-  const id = `amend-${crypto.randomBytes(4).toString('hex')}`;
+  const id = generateHashId('amend', '', '');
   const amendment = {
     id,
     timestamp: new Date().toISOString(),

package/scripts/flow-done.js

@@ -210,7 +210,7 @@ function checkOutstandingFindings() {
  */
 function runQualityGates(taskId, taskType) {
   // Validate taskId before using in any path construction
-  if (taskId && !validateTaskId(taskId)) {
+  if (taskId && !validateTaskId(taskId).valid) {
     console.log(color('red', `Invalid task ID format: ${String(taskId).slice(0, 30)}`));
     return { passed: false, failed: ['invalidTaskId'], errors: { invalidTaskId: 'Task ID failed validation' } };
   }
@@ -670,7 +670,7 @@ function runQualityGates(taskId, taskType) {
       }
     } else if (gate === 'generatedTestsPass') {
       if (config.testing?.enabled && config.testing?.generation?.autoGenerate) {
-        if (!validateTaskId(taskId)) {
+        if (!validateTaskId(taskId).valid) {
           console.log(`  ${color('yellow', '⚠')} generatedTestsPass (invalid task ID)`);
         } else {
           const testDir = path.join(PATHS.workflow, 'tests', 'generated', taskId);
@@ -727,7 +727,7 @@ function runQualityGates(taskId, taskType) {
       const gateModes = isUI ? ['ui', 'full', 'auto'] : ['api', 'full', 'auto'];
       const testingMode = config.testing?.mode || 'off';
       if (config.testing?.enabled && gateModes.includes(testingMode)) {
-        if (!validateTaskId(taskId)) {
+        if (!validateTaskId(taskId).valid) {
           console.log(`  ${color('yellow', '⚠')} ${gate} (invalid task ID)`);
         } else {
           try {
@@ -778,7 +778,7 @@ function runQualityGates(taskId, taskType) {
           }
 
           // Also check scenario verification results if available
-          if (!isUI && validateTaskId(taskId)) {
+          if (!isUI && validateTaskId(taskId).valid) {
             const scenarioReportPath = path.join(PATHS.workflow, 'verifications', `${taskId}-scenarios.json`);
             if (fs.existsSync(scenarioReportPath)) {
               try {

package/scripts/flow-entropy-monitor.js

@@ -17,40 +17,19 @@
 const fs = require('fs');
 const path = require('path');
 const memoryDb = require('./flow-memory-db');
+const { getConfig } = require('./flow-config-loader');
+const { color } = require('./flow-output');
 
 // ============================================================
 // Configuration
 // ============================================================
 
 const PROJECT_ROOT = process.env.WOGI_PROJECT_ROOT || process.cwd();
-const CONFIG_PATH = path.join(PROJECT_ROOT, '.workflow', 'config.json');
-
-function loadConfig() {
-  try {
-    if (fs.existsSync(CONFIG_PATH)) {
-      return JSON.parse(fs.readFileSync(CONFIG_PATH, 'utf-8'));
-    }
-  } catch {}
-  return {};
-}
 
 // ============================================================
 // Output Formatting
 // ============================================================
 
-function color(c, text) {
-  const colors = {
-    red: '\x1b[31m',
-    green: '\x1b[32m',
-    yellow: '\x1b[33m',
-    blue: '\x1b[34m',
-    cyan: '\x1b[36m',
-    gray: '\x1b[90m',
-    reset: '\x1b[0m'
-  };
-  return `${colors[c] || ''}${text}${colors.reset}`;
-}
-
 function formatEntropy(entropy) {
   if (entropy < 0.4) return color('green', `${entropy} (healthy)`);
   if (entropy < 0.7) return color('yellow', `${entropy} (moderate)`);
@@ -299,7 +278,7 @@ async function showPromotionCandidates(config) {
 
 async function main() {
   const args = process.argv.slice(2);
-  const config = loadConfig();
+  const config = getConfig();
 
   try {
     if (args.includes('--auto')) {

package/scripts/flow-export-scanner.js

@@ -16,10 +16,10 @@
 
 const fs = require('fs');
 const path = require('path');
-const { getProjectRoot: getProjectRootFromUtils, getConfig } = require('./flow-utils');
+const { PATHS, getConfig } = require('./flow-utils');
 
-// Default to getProjectRoot from utils, can be overridden via setProjectRoot() or CLI arg
-let PROJECT_ROOT = getProjectRootFromUtils();
+// Default to PATHS.root from flow-utils, can be overridden via setProjectRoot() or CLI arg
+let PROJECT_ROOT = PATHS.root;
 let CONFIG_PATH = path.join(PROJECT_ROOT, '.workflow/config.json');
 let CACHE_PATH = path.join(PROJECT_ROOT, '.workflow/state/export-map.json');
 const CACHE_MAX_AGE_MS = 5 * 60 * 1000; // 5 minutes

package/scripts/flow-gitignore.js

@@ -0,0 +1,263 @@
+#!/usr/bin/env node
+
+/**
+ * Wogi Flow - Gitignore Auto-Management
+ *
+ * Declarative mapping of config features to .gitignore entries.
+ * When a config change enables a feature that produces runtime artifacts,
+ * the relevant entries are automatically appended to .gitignore.
+ *
+ * Design:
+ * - Append-only: never removes existing entries
+ * - Idempotent: no duplicate entries on repeated calls
+ * - Grouped under "# WogiFlow runtime (auto-managed)" comment
+ * - Declarative: RUNTIME_ARTIFACT_MAP defines all mappings
+ */
+
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const { getConfig } = require('./flow-config-loader');
+const { PROJECT_ROOT } = require('./flow-paths');
+
+// ============================================================================
+// Declarative Config-to-Gitignore Mapping
+// ============================================================================
+
+/**
+ * Each entry maps a config condition to gitignore patterns.
+ * - configPath: dot-notation path into config object
+ * - matchValue: value that triggers the entry (true for boolean, string for exact match)
+ *   If matchValue is true, any truthy value triggers the entry.
+ * - patterns: gitignore entries to add when condition is met
+ * - description: human-readable description for health check output
+ */
+const RUNTIME_ARTIFACT_MAP = [
+  {
+    configPath: 'testing.uiProvider',
+    matchValue: 'playwright-mcp',
+    patterns: ['.playwright-mcp/'],
+    description: 'Playwright MCP logs and screenshots'
+  },
+  {
+    configPath: 'testing.enabled',
+    matchValue: true,
+    patterns: ['.workflow/verifications/', '.workflow/tests/generated/'],
+    description: 'Test verification artifacts and generated tests'
+  },
+  {
+    configPath: 'webmcp.enabled',
+    matchValue: true,
+    patterns: ['.workflow/webmcp/'],
+    description: 'WebMCP tool definitions'
+  }
+];
+
+const GITIGNORE_SECTION_HEADER = '# WogiFlow runtime (auto-managed)';
+
+// ============================================================================
+// Core Functions
+// ============================================================================
+
+/**
+ * Get the value at a dot-notation path in an object.
+ * @param {Object} obj
+ * @param {string} dotPath - e.g. 'testing.uiProvider'
+ * @returns {*} Value at path, or undefined
+ */
+function getNestedValue(obj, dotPath) {
+  const parts = dotPath.split('.');
+  let current = obj;
+  for (const part of parts) {
+    if (current == null || typeof current !== 'object') return undefined;
+    current = current[part];
+  }
+  return current;
+}
+
+/**
+ * Determine which gitignore entries are needed based on current config.
+ * @param {Object} [config] - Pre-loaded config (optional)
+ * @returns {string[]} Gitignore patterns that should exist
+ */
+function getRequiredEntries(config) {
+  if (!config) config = getConfig();
+  const needed = [];
+
+  for (const mapping of RUNTIME_ARTIFACT_MAP) {
+    const value = getNestedValue(config, mapping.configPath);
+    let matches = false;
+
+    if (mapping.matchValue === true) {
+      matches = !!value;
+    } else {
+      matches = value === mapping.matchValue;
+    }
+
+    if (matches) {
+      needed.push(...mapping.patterns);
+    }
+  }
+
+  return needed;
+}
+
+/**
+ * Read the current .gitignore content.
+ * @returns {string} Content of .gitignore, or empty string if not found
+ */
+function readGitignore() {
+  const gitignorePath = path.join(PROJECT_ROOT, '.gitignore');
+  try {
+    return fs.readFileSync(gitignorePath, 'utf-8');
+  } catch (err) {
+    return '';
+  }
+}
+
+/**
+ * Parse existing gitignore entries (trimmed, non-empty, non-comment lines).
+ * @param {string} content - .gitignore content
+ * @returns {Set<string>} Set of existing entries
+ */
+function parseExistingEntries(content) {
+  const entries = new Set();
+  for (const line of content.split('\n')) {
+    const trimmed = line.trim();
+    if (trimmed && !trimmed.startsWith('#')) {
+      entries.push ? entries.add(trimmed) : entries.add(trimmed);
+    }
+  }
+  return entries;
+}
+
+/**
+ * Sync .gitignore with config-required entries.
+ * Appends missing entries under the auto-managed section header.
+ * @param {Object} [config] - Pre-loaded config (optional)
+ * @returns {{ added: string[], alreadyPresent: string[] }} What was done
+ */
+function syncGitignore(config) {
+  const required = getRequiredEntries(config);
+  if (required.length === 0) {
+    return { added: [], alreadyPresent: [] };
+  }
+
+  const gitignorePath = path.join(PROJECT_ROOT, '.gitignore');
+  const content = readGitignore();
+  const existing = parseExistingEntries(content);
+
+  const missing = required.filter(entry => !existing.has(entry));
+  const alreadyPresent = required.filter(entry => existing.has(entry));
+
+  if (missing.length === 0) {
+    return { added: [], alreadyPresent };
+  }
+
+  // Build the new section content
+  const hasSection = content.includes(GITIGNORE_SECTION_HEADER);
+  let newContent;
+
+  if (hasSection) {
+    // Append to existing section — find the section and add after it
+    const lines = content.split('\n');
+    const headerIdx = lines.findIndex(l => l.trim() === GITIGNORE_SECTION_HEADER);
+    // Find the end of the managed section (next blank line or next comment section)
+    let insertIdx = headerIdx + 1;
+    while (insertIdx < lines.length) {
+      const line = lines[insertIdx].trim();
+      if (line === '' || (line.startsWith('#') && line !== GITIGNORE_SECTION_HEADER)) {
+        break;
+      }
+      insertIdx++;
+    }
+    // Insert missing entries
+    lines.splice(insertIdx, 0, ...missing);
+    newContent = lines.join('\n');
+  } else {
+    // Create new section at end of file
+    const separator = content.endsWith('\n') ? '\n' : '\n\n';
+    newContent = content + separator + GITIGNORE_SECTION_HEADER + '\n' + missing.join('\n') + '\n';
+  }
+
+  fs.writeFileSync(gitignorePath, newContent, 'utf-8');
+
+  return { added: missing, alreadyPresent };
+}
+
+/**
+ * Check gitignore health — returns missing entries for /wogi-health.
+ * @param {Object} [config] - Pre-loaded config (optional)
+ * @returns {{ ok: boolean, missing: Array<{pattern: string, description: string}> }}
+ */
+function checkGitignoreHealth(config) {
+  if (!config) config = getConfig();
+  const content = readGitignore();
+  const existing = parseExistingEntries(content);
+  const missing = [];
+
+  for (const mapping of RUNTIME_ARTIFACT_MAP) {
+    const value = getNestedValue(config, mapping.configPath);
+    let matches = false;
+
+    if (mapping.matchValue === true) {
+      matches = !!value;
+    } else {
+      matches = value === mapping.matchValue;
+    }
+
+    if (matches) {
+      for (const pattern of mapping.patterns) {
+        if (!existing.has(pattern)) {
+          missing.push({ pattern, description: mapping.description });
+        }
+      }
+    }
+  }
+
+  return { ok: missing.length === 0, missing };
+}
+
+// ============================================================================
+// CLI
+// ============================================================================
+
+if (require.main === module) {
+  const args = process.argv.slice(2);
+  const command = args[0] || 'sync';
+
+  if (command === 'sync') {
+    const result = syncGitignore();
+    if (result.added.length > 0) {
+      console.log(`Added ${result.added.length} entries to .gitignore:`);
+      for (const entry of result.added) {
+        console.log(`  + ${entry}`);
+      }
+    } else {
+      console.log('.gitignore is up to date');
+    }
+  } else if (command === 'check') {
+    const health = checkGitignoreHealth();
+    if (health.ok) {
+      console.log('.gitignore: all required entries present');
+    } else {
+      console.log(`Missing ${health.missing.length} .gitignore entries:`);
+      for (const m of health.missing) {
+        console.log(`  - ${m.pattern} (${m.description})`);
+      }
+      console.log('\nRun: flow gitignore sync');
+      process.exit(1);
+    }
+  } else {
+    console.log('Usage: flow-gitignore.js [sync|check]');
+  }
+}
+
+module.exports = {
+  RUNTIME_ARTIFACT_MAP,
+  GITIGNORE_SECTION_HEADER,
+  getRequiredEntries,
+  syncGitignore,
+  checkGitignoreHealth
+};

package/scripts/flow-health.js

@@ -38,7 +38,8 @@ const {
   checkSpecMigration,
   safeJsonParse,
   meetsVersion,
-  getFdCommand
+  getFdCommand,
+  getConfig
 } = require('./flow-utils');
 
 const { execSync, execFileSync } = require('child_process');
@@ -128,7 +129,7 @@ function main() {
   let cliType = 'claude-code'; // default
   if (fileExists(PATHS.config)) {
     try {
-      const config = require(PATHS.config);
+      const config = getConfig();
       cliType = config.cli?.type || 'claude-code';
     } catch {}
   }
@@ -650,6 +651,26 @@ function main() {
     }
   }
 
+  // Check .gitignore sync
+  console.log('');
+  printSection('Checking .gitignore sync...');
+
+  try {
+    const { checkGitignoreHealth } = require('./flow-gitignore');
+    const gitignoreHealth = checkGitignoreHealth(config);
+    if (gitignoreHealth.ok) {
+      console.log(`  ${color('green', '✓')} All required .gitignore entries present`);
+    } else {
+      for (const m of gitignoreHealth.missing) {
+        console.log(`  ${color('yellow', '⚠')} Missing: ${m.pattern} (${m.description})`);
+      }
+      console.log(`  ${color('yellow', '⚠')} Run: node scripts/flow-gitignore.js sync`);
+      warnings += gitignoreHealth.missing.length;
+    }
+  } catch (err) {
+    console.log(`  ${color('yellow', '○')} Gitignore check unavailable`);
+  }
+
   // Check git status
   console.log('');
   printSection('Checking git status...');

package/scripts/flow-hybrid-test.js

@@ -9,7 +9,7 @@
 const fs = require('fs');
 const path = require('path');
 const { spawnSync } = require('child_process');
-const { getProjectRoot } = require('./flow-utils');
+const { getProjectRoot, getConfig } = require('./flow-utils');
 
 const PROJECT_ROOT = getProjectRoot();
 const TESTS = [];
@@ -52,8 +52,7 @@ test('Config file exists', () => {
 });
 
 test('Config has hybrid section', () => {
-  const configPath = path.join(PROJECT_ROOT, '.workflow', 'config.json');
-  const config = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
+  const config = getConfig();
   if (!config.hybrid) {
     throw new Error('hybrid section missing from config');
   }

package/scripts/flow-long-input-stories.js

@@ -13,10 +13,8 @@
 
 const fs = require('fs');
 const path = require('path');
-const crypto = require('crypto');
-
 // Import safe utilities
-const { safeJsonParse, writeJson, generateTaskId, withLock, PATHS } = require('./flow-utils');
+const { safeJsonParse, writeJson, generateTaskId, generateHashId, withLock, PATHS } = require('./flow-utils');
 
 // Utility: ISO timestamp
 function now() {
@@ -95,7 +93,7 @@ const SCENARIO_PATTERNS = [
  * Generate unique story ID
  */
 function generateStoryId() {
-  return 'story-' + crypto.randomBytes(4).toString('hex');
+  return generateHashId('story', '', '');
 }
 
 /**
@@ -1063,14 +1061,14 @@ function resetPresentation() {
  * Generate unique edit session ID
  */
 function generateEditSessionId() {
-  return 'edit-' + crypto.randomBytes(4).toString('hex');
+  return generateHashId('edit', '', '');
 }
 
 /**
  * Generate unique change ID
  */
 function generateChangeId() {
-  return 'change-' + crypto.randomBytes(3).toString('hex');
+  return generateHashId('change', '', '');
 }
 
 /**