wogiflow 2.18.1 → 2.20.0

package/bin/flow

@@ -218,6 +218,17 @@ function main() {
     return;
   }
 
+  if (command === 'config') {
+    const { configCommand } = require('../lib/commands/config');
+    try {
+      configCommand(args.slice(1));
+    } catch (err) {
+      console.error(`Config error: ${err.message}`);
+      process.exit(1);
+    }
+    return;
+  }
+
   // For all other commands, try to find project context
   const projectRoot = findProjectRoot();
 

package/lib/commands/config.js

@@ -0,0 +1,148 @@
+'use strict';
+
+/**
+ * `flow config` — inspect and compact the project's .workflow/config.json.
+ *
+ * Subcommands:
+ *   flow config show          Show the current (on-disk) config as written
+ *   flow config show --full   Show the fully-merged config (defaults + overrides)
+ *   flow config show --diff   Show only the keys this project overrides
+ *   flow config compact       Rewrite config.json to lean form (overrides only)
+ *   flow config compact --dry Preview the compacted form without writing
+ *
+ * Added in v2.19.0 alongside the lean-config-on-init change. See
+ * `lib/installer.js` `buildLeanInstallConfig()` for the write-time counterpart.
+ */
+
+const fs = require('node:fs');
+const path = require('node:path');
+
+function resolveProjectRoot() {
+  let dir = process.cwd();
+  for (let i = 0; i < 20; i++) {
+    if (fs.existsSync(path.join(dir, '.workflow', 'config.json'))) return dir;
+    const parent = path.dirname(dir);
+    if (parent === dir) break;
+    dir = parent;
+  }
+  throw new Error('Not in a WogiFlow project (no .workflow/config.json found)');
+}
+
+function readProjectConfig(projectRoot) {
+  const configPath = path.join(projectRoot, '.workflow', 'config.json');
+  const raw = fs.readFileSync(configPath, 'utf-8');
+  return { configPath, raw, parsed: JSON.parse(raw) };
+}
+
+function configCommand(args) {
+  const sub = args[0];
+  const flags = args.slice(1);
+
+  if (!sub || sub === '--help' || sub === '-h') {
+    printHelp();
+    return;
+  }
+
+  const projectRoot = resolveProjectRoot();
+
+  if (sub === 'show') {
+    return showConfig(projectRoot, flags);
+  }
+
+  if (sub === 'compact') {
+    return compactConfig(projectRoot, flags);
+  }
+
+  console.error(`Unknown config subcommand: ${sub}`);
+  printHelp();
+  process.exit(1);
+}
+
+function showConfig(projectRoot, flags) {
+  const { configPath, parsed } = readProjectConfig(projectRoot);
+  const { mergeWithDefaults, computeLeanConfig } = require('../../scripts/flow-config-defaults');
+
+  if (flags.includes('--full')) {
+    const merged = mergeWithDefaults(parsed);
+    console.log(JSON.stringify(merged, null, 2));
+    return;
+  }
+
+  if (flags.includes('--diff')) {
+    const merged = mergeWithDefaults(parsed);
+    const lean = computeLeanConfig(merged);
+    console.log(JSON.stringify(lean, null, 2));
+    return;
+  }
+
+  // Default: show what's on disk.
+  const relPath = path.relative(projectRoot, configPath);
+  console.log(`# ${relPath} (on disk — ${Object.keys(parsed).length} top-level keys)`);
+  console.log(JSON.stringify(parsed, null, 2));
+  console.log('');
+  console.log('# Tips:');
+  console.log('#   flow config show --full   see the fully-merged config (defaults + overrides)');
+  console.log('#   flow config show --diff   see only the keys this project overrides');
+  console.log('#   flow config compact       shrink this file to overrides-only');
+}
+
+function compactConfig(projectRoot, flags) {
+  const { configPath, parsed } = readProjectConfig(projectRoot);
+  const { mergeWithDefaults, computeLeanConfig } = require('../../scripts/flow-config-defaults');
+
+  // mergeWithDefaults → computeLeanConfig round-trip produces the canonical
+  // lean form. Doing it via merge-first ensures any keys that used to have
+  // non-default values but now match a new default get correctly removed.
+  const merged = mergeWithDefaults(parsed);
+  const lean = computeLeanConfig(merged);
+
+  const beforeBytes = JSON.stringify(parsed, null, 2).length;
+  const afterBytes = JSON.stringify(lean, null, 2).length;
+  const savedPct = beforeBytes > 0 ? Math.round(((beforeBytes - afterBytes) / beforeBytes) * 100) : 0;
+
+  if (flags.includes('--dry') || flags.includes('--dry-run')) {
+    console.log('# Preview — would write:');
+    console.log(JSON.stringify(lean, null, 2));
+    console.log('');
+    console.log(`# Before: ${beforeBytes} bytes, ${Object.keys(parsed).length} top-level keys`);
+    console.log(`# After:  ${afterBytes} bytes, ${Object.keys(lean).length} top-level keys (-${savedPct}%)`);
+    console.log('# Run without --dry to apply.');
+    return;
+  }
+
+  // Backup first — compaction is reversible, but cheap insurance is free.
+  const backupPath = `${configPath}.bak-${Date.now()}`;
+  fs.copyFileSync(configPath, backupPath);
+
+  fs.writeFileSync(configPath, JSON.stringify(lean, null, 2) + '\n');
+
+  console.log(`✓ Compacted ${path.relative(projectRoot, configPath)}`);
+  console.log(`  Before: ${beforeBytes} bytes, ${Object.keys(parsed).length} top-level keys`);
+  console.log(`  After:  ${afterBytes} bytes, ${Object.keys(lean).length} top-level keys (-${savedPct}%)`);
+  console.log(`  Backup: ${path.relative(projectRoot, backupPath)}`);
+  console.log('');
+  console.log('Runtime behavior is unchanged — defaults merge in at read time.');
+  console.log('Verify with: flow config show --full');
+}
+
+function printHelp() {
+  console.log(`Usage: flow config <subcommand> [flags]
+
+Inspect and compact the project's .workflow/config.json.
+
+Subcommands:
+  show                  Show the current config as written on disk
+  show --full           Show the fully-merged config (defaults + overrides)
+  show --diff           Show only the keys this project overrides
+  compact               Rewrite config.json to overrides-only form
+  compact --dry         Preview the compacted form without writing
+
+Why "lean" configs (v2.19.0+):
+  The runtime config loader merges CONFIG_DEFAULTS on every read, so any key
+  matching the default is redundant noise. New installs write lean configs by
+  default. Existing fat configs still work identically — run 'flow config
+  compact' to shrink them.
+`);
+}
+
+module.exports = { configCommand, showConfig, compactConfig, resolveProjectRoot };

package/lib/installer.js

@@ -520,21 +520,37 @@ function createWorkflowStructure(projectRoot, config) {
     }
   }
 
-  // Create config.json using shared defaults with project-specific overrides
+  // Create config.json — LEAN by default (v2.19.0+).
+  // Only project-specific identity keys + any overrides the installer selected
+  // interactively are written. The runtime loader (flow-config-loader.js)
+  // merges CONFIG_DEFAULTS on every read via mergeWithDefaults(), so a lean
+  // file behaves identically to a fully-specified one.
+  //
+  // This replaces the prior behavior of dumping the full ~300-line default
+  // tree on every `flow init`, which was confusing (users thought they had
+  // to maintain all those keys) and brittle (every new default shipped in a
+  // release became stale in every existing project's config file).
   const configPath = path.join(workflowDir, 'config.json');
-  const configContent = getDefaultConfig({
+  const fullConfig = getDefaultConfig({
     version: config.version,
     projectName: config.projectName,
     projectType: config.projectType || 'unknown',
     strictMode: config.strictMode
   });
-  fs.writeFileSync(configPath, JSON.stringify(configContent, null, 2));
-
-  // Sync .gitignore entries for enabled features
+  const leanConfig = buildLeanInstallConfig(fullConfig, config);
+  fs.writeFileSync(configPath, JSON.stringify(leanConfig, null, 2) + '\n');
+  // To inspect the fully-merged config (defaults + your overrides), run:
+  //   flow config show --full
+  // To compact an existing fat config back to lean form, run:
+  //   flow config compact
+
+  // Sync .gitignore entries for enabled features. Pass the fully-merged
+  // config (not the lean on-disk form) so gitignore can see all enabled
+  // feature flags, including those inherited from defaults.
   try {
     const { syncGitignore } = require('../scripts/flow-gitignore');
-    syncGitignore(configContent);
-  } catch (err) {
+    syncGitignore(fullConfig);
+  } catch (_err) {
     // Non-blocking — gitignore sync should never fail installation
   }
 
@@ -1118,4 +1134,42 @@ function walkDirForManifest(dir, baseDir, fileSet) {
   }
 }
 
-module.exports = { init, getDefaultConfig, deepMerge, detectProjectType, detectProjectScripts, detectTsConfigMode, getRegistriesForProjectType };
+/**
+ * Build the lean config written by `flow init` (v2.19.0+).
+ *
+ * The runtime loader merges CONFIG_DEFAULTS on every read, so we only need to
+ * persist values that (a) identify this project or (b) differ from the default.
+ * We prefer the `computeLeanConfig()` diff over a hand-picked allowlist so any
+ * interactive-install overrides (e.g. strictMode toggled off) are preserved.
+ *
+ * @param {Object} fullConfig - The fully-merged config object from getDefaultConfig()
+ * @param {Object} config - The install-time config selections (projectName, version, etc.)
+ * @returns {Object} Lean config suitable for writing to .workflow/config.json
+ */
+function buildLeanInstallConfig(fullConfig, config) {
+  const { computeLeanConfig } = require('../scripts/flow-config-defaults');
+  const lean = computeLeanConfig(fullConfig);
+
+  // Ensure identity keys are always present with the expected shape.
+  const out = {
+    $schema: './config.schema.json',
+    version: config.version,
+    projectName: config.projectName || '',
+    cli: { type: 'claude-code' },
+    ...lean
+  };
+
+  // Strip identity keys from the lean block so they aren't duplicated.
+  // (The spread above means lean's values would win; we want OURS to win.)
+  return {
+    $schema: out.$schema,
+    version: out.version,
+    projectName: out.projectName,
+    cli: out.cli,
+    ...Object.fromEntries(
+      Object.entries(lean).filter(([k]) => !['$schema', 'version', 'projectName', 'cli'].includes(k))
+    )
+  };
+}
+
+module.exports = { init, getDefaultConfig, deepMerge, detectProjectType, detectProjectScripts, detectTsConfigMode, getRegistriesForProjectType, buildLeanInstallConfig };

package/lib/workspace.js

@@ -1199,6 +1199,22 @@ You are a workspace worker. There is NO human watching your terminal. You MUST o
 - **Auto-approve all reviews**: If /wogi-review asks for fix options, choose Option 1 (fix all) automatically.
 - **Never ask clarifying questions**: If something is ambiguous, make a reasonable decision and note it in your reply to the manager.
 
+### End-of-Turn Must Be a Deterministic Action (v2.20.0+)
+
+"Awaiting your signal" is NOT a valid terminal state. Exactly one of these must be true at end-of-turn:
+
+1. **ACTION** — You started the next pre-approved channel dispatch (e.g., invoked \`Skill(skill="wogi-start", args="wf-XXXXXXXX")\`), OR
+2. **ESCALATION** — You channel-dispatched a \`## QUESTION:\` to the manager because you are genuinely blocked and Steps 1-2 of the Resolution Protocol above did not unstick you, OR
+3. **IDLE** — There are zero pending channel dispatches in ready.json AND zero tasks in progress. This is the only legitimate "wait" state.
+
+**Hedging language is forbidden**: "awaiting your signal", "let me know if you want", "or will proceed", "should I continue", "ready when you are", "standing by", "awaiting confirmation". These phrases invent a decision point that does not exist in autonomous mode — the dispatch was already pre-approved by the manager's decision to queue it.
+
+**Visibility is NOT a substitute for action.** You can narrate AND act in the same turn. State what you just did and what you are starting next, THEN start it. Do not treat the summary as a stopping point.
+
+**Common rationalization to resist**: *"Let me give the owner visibility before acting."* That is the anti-pattern. The owner does not see your terminal. The only way they see progress is through (a) manager reports as you complete tasks and (b) the manager dispatching the next work. Stopping between queued dispatches creates a gap in both signals.
+
+The \`TaskCompleted\` hook will inject an auto-pickup directive when channel dispatches are queued (v2.20.0+). The \`Stop\` hook will BLOCK end-of-turn if you try to stop while dispatches are queued and no task is in progress. These enforcements exist because the silent-stall pattern was incident-worthy (2026-04-16).
+
 ### CRITICAL: Stop, Don't Degrade
 
 **If you cannot verify your work to the required evidence tier, you may NOT mark the task as complete.** Report it as BLOCKED with the specific verification gap.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wogiflow",
-  "version": "2.18.1",
+  "version": "2.20.0",
   "description": "AI-powered development workflow management system with multi-model support",
   "main": "lib/index.js",
   "bin": {
@@ -10,7 +10,7 @@
   },
   "scripts": {
     "flow": "./scripts/flow",
-    "test": "NODE_ENV=test node --test tests/auto-compact-prompt.test.js tests/flow-paths.test.js tests/flow-io.test.js tests/flow-config-loader.test.js tests/flow-damage-control.test.js tests/flow-output.test.js tests/flow-constants.test.js tests/flow-session-state.test.js tests/flow-hooks-integration.test.js tests/flow-utils.test.js tests/flow-security.test.js tests/flow-memory-db.test.js tests/flow-durable-session.test.js tests/flow-skill-matcher.test.js tests/flow-bridge.test.js tests/flow-proactive-compact.test.js tests/flow-cascade-completion.test.js tests/flow-capture-gate.test.js tests/flow-correction-detector-hybrid.test.js tests/flow-promote.test.js tests/flow-archive-runs.test.js tests/flow-memory.test.js tests/flow-hooks-pre-tool-helpers.test.js tests/flow-hooks-bugfix-scope-gate.test.js tests/flow-hooks-routing-gate.test.js tests/flow-hooks-phase-read-gate.test.js tests/flow-hooks-commit-log-gate.test.js tests/flow-hooks-deploy-gate.test.js tests/flow-hooks-todowrite-gate.test.js tests/flow-hooks-git-safety-gate.test.js tests/flow-hooks-scope-mutation-gate.test.js tests/flow-hooks-strike-gate.test.js tests/flow-hooks-component-check.test.js tests/flow-hooks-scope-gate.test.js tests/flow-hooks-implementation-gate.test.js tests/flow-hooks-research-gate.test.js tests/flow-hooks-loop-check.test.js tests/flow-hooks-manager-boundary-gate.test.js tests/flow-hooks-phase-gate.test.js tests/flow-hooks-pre-tool-orchestrator.test.js tests/flow-hooks-observation-capture.test.js tests/flow-hooks-task-gate.test.js tests/flow-durable-session-suspension.test.js && NODE_ENV=test node tests/run-quality-gates.test.js",
+    "test": "NODE_ENV=test node --test tests/auto-compact-prompt.test.js tests/flow-paths.test.js tests/flow-io.test.js tests/flow-config-loader.test.js tests/flow-damage-control.test.js tests/flow-output.test.js tests/flow-constants.test.js tests/flow-session-state.test.js tests/flow-hooks-integration.test.js tests/flow-utils.test.js tests/flow-security.test.js tests/flow-memory-db.test.js tests/flow-durable-session.test.js tests/flow-skill-matcher.test.js tests/flow-bridge.test.js tests/flow-proactive-compact.test.js tests/flow-cascade-completion.test.js tests/flow-capture-gate.test.js tests/flow-correction-detector-hybrid.test.js tests/flow-promote.test.js tests/flow-archive-runs.test.js tests/flow-memory.test.js tests/flow-hooks-pre-tool-helpers.test.js tests/flow-hooks-bugfix-scope-gate.test.js tests/flow-hooks-routing-gate.test.js tests/flow-hooks-phase-read-gate.test.js tests/flow-hooks-commit-log-gate.test.js tests/flow-hooks-deploy-gate.test.js tests/flow-hooks-todowrite-gate.test.js tests/flow-hooks-git-safety-gate.test.js tests/flow-hooks-scope-mutation-gate.test.js tests/flow-hooks-strike-gate.test.js tests/flow-hooks-component-check.test.js tests/flow-hooks-scope-gate.test.js tests/flow-hooks-implementation-gate.test.js tests/flow-hooks-research-gate.test.js tests/flow-hooks-loop-check.test.js tests/flow-hooks-manager-boundary-gate.test.js tests/flow-hooks-phase-gate.test.js tests/flow-hooks-pre-tool-orchestrator.test.js tests/flow-hooks-observation-capture.test.js tests/flow-hooks-task-gate.test.js tests/flow-durable-session-suspension.test.js tests/flow-health-mcp-scopes.test.js tests/flow-lean-config.test.js tests/flow-workspace-autopickup.test.js && NODE_ENV=test node tests/run-quality-gates.test.js",
     "test:syntax": "find scripts/ lib/ -name '*.js' -not -path '*/node_modules/*' -exec node --check {} +",
     "lint": "eslint scripts/ lib/ tests/",
     "lint:ci": "eslint scripts/ lib/ tests/ --max-warnings 0",

package/scripts/flow-config-defaults.js

@@ -396,7 +396,11 @@ const CONFIG_DEFAULTS = {
     _comment_workerGatesSovereign: 'When true, workers cannot skip their own quality gates even if the manager instructs them to',
     workerGatesSovereign: true,
     managerCanOverrideLevel: false,
-    managerCanSkipGates: false
+    managerCanSkipGates: false,
+    _comment_autoPickupChannelDispatches: 'v2.20.0+: After task completion, if channel-dispatched tasks are queued in ready.json, the task-completed hook injects additionalContext instructing the AI to auto-invoke /wogi-start on the next queued task in the same turn. Prevents "Sauteed worker" silent stalls between queued dispatches. The Stop hook also blocks end-of-turn when queued dispatches exist but no task is in progress — making "awaiting signal" language mechanically impossible as a terminal state.',
+    autoPickupChannelDispatches: true,
+    _comment_diagnosticCurlBypass: 'v2.20.0+: When true, PreToolUse routing gate allows narrow curl-to-manager-port when replying to channel messages tagged INTROSPECTION or DIAGNOSTIC, with body starting "## ". Unblocks diagnostic round-trips without forcing fake task creation. Scope: localhost:8800 only.',
+    diagnosticCurlBypass: true
   },
   checkpoint: { enabled: false },
   regressionTesting: { enabled: false },
@@ -867,14 +871,16 @@ const CONFIG_DEFAULTS = {
   // detects the restart flag and relaunches claude. See lib/wogi-claude for
   // the wrapper. See scripts/hooks/core/task-boundary-reset.js for the trigger.
   //
-  // REQUIRES verification against real Claude Code before enabling broadly —
-  // the SIGTERM-to-parent pattern must be confirmed to exit Claude Code
-  // gracefully. Keep disabled until integration test in a throwaway session
-  // confirms clean exit + flag consumption + fresh restart.
+  // Per-task context reset via wogi-claude wrapper. Validated in v2.17.0 for
+  // workspace workers (manager sessions deliberately skip restart to avoid
+  // orchestration storms — see resolveClaudeSpawnCommand in lib/workspace.js).
+  // Enabled by default as of v2.19.0 after the "Sautéed worker" UX complaint:
+  // without it, workers sit idle after task completion instead of restarting
+  // fresh and ready for the next dispatch. Users who want the old behavior
+  // can set `enabled: false` explicitly.
   taskBoundaryReset: {
-    _comment: 'Opt-in per-task context reset via wogi-claude wrapper. See lib/wogi-claude.',
-    enabled: false,
-    _comment_enabled: 'Set true ONLY after verifying SIGTERM behavior with real Claude Code in a throwaway session.',
+    _comment: 'Per-task context reset via wogi-claude wrapper. See lib/wogi-claude.',
+    enabled: true,
     maxRestartsPerSession: 50,
     _comment_maxRestartsPerSession: 'Safety cap. The wrapper also has WOGI_MAX_RESTARTS env override.'
   },
@@ -1166,6 +1172,72 @@ function mergeWithDefaults(userConfig) {
   return deepMerge(CONFIG_DEFAULTS, userConfig);
 }
 
+/**
+ * Compute the "lean" form of a config — the minimal object that, when passed
+ * through mergeWithDefaults(), reproduces the input. Removes every key whose
+ * value equals the default. Nested objects are diffed recursively; arrays and
+ * primitives are compared by JSON equality.
+ *
+ * Always preserves these identity keys even if they match defaults:
+ *   - `$schema`, `version`, `projectName`, `cli`, `_configVersion`
+ * These anchor the file's purpose and let tooling (VS Code JSON schema, config
+ * migrations) work correctly on the lean file.
+ *
+ * Round-trip guarantee:
+ *   mergeWithDefaults(computeLeanConfig(full)) deep-equals mergeWithDefaults(full)
+ * for any input — verified in tests.
+ *
+ * @param {Object} fullConfig - A fully-merged config (or any config object)
+ * @returns {Object} Lean config containing only overrides + identity keys
+ */
+function computeLeanConfig(fullConfig) {
+  if (!fullConfig || typeof fullConfig !== 'object') {
+    return {};
+  }
+  const IDENTITY_KEYS = new Set(['$schema', 'version', 'projectName', 'cli', '_configVersion', 'projectType']);
+  return diffAgainstDefaults(fullConfig, CONFIG_DEFAULTS, IDENTITY_KEYS, true);
+}
+
+function diffAgainstDefaults(user, defaults, identityKeys, isRoot) {
+  const out = {};
+  for (const key of Object.keys(user)) {
+    const uVal = user[key];
+    const dVal = defaults ? defaults[key] : undefined;
+
+    // Preserve identity keys at the root regardless of equality.
+    if (isRoot && identityKeys.has(key)) {
+      out[key] = uVal;
+      continue;
+    }
+
+    // Comment fields (prefix _comment) are metadata from the defaults file —
+    // don't propagate into user configs, they bloat without adding meaning.
+    if (typeof key === 'string' && key.startsWith('_comment')) {
+      continue;
+    }
+
+    if (dVal === undefined) {
+      // Key doesn't exist in defaults — it's fully user-defined, keep it.
+      out[key] = uVal;
+      continue;
+    }
+
+    if (isPlainObject(uVal) && isPlainObject(dVal)) {
+      const nested = diffAgainstDefaults(uVal, dVal, identityKeys, false);
+      if (Object.keys(nested).length > 0) {
+        out[key] = nested;
+      }
+      continue;
+    }
+
+    // Primitive / array / null comparison via JSON stringify.
+    if (JSON.stringify(uVal) !== JSON.stringify(dVal)) {
+      out[key] = uVal;
+    }
+  }
+  return out;
+}
+
 /**
  * Apply project-type-aware defaults to a config.
  * Strips/disables irrelevant sections based on detected project type.
@@ -1249,5 +1321,6 @@ module.exports = {
   isPlainObject,
   getDefaultsForKey,
   mergeWithDefaults,
+  computeLeanConfig,
   applyProjectTypeDefaults
 };

package/scripts/hooks/adapters/claude-code.js

@@ -471,14 +471,23 @@ Run: /wogi-start ${coreResult.nextTaskId}`;
       return { continue: true };
     }
 
+    // Gap A (v2.20.0) — inject auto-pickup additionalContext when workspace
+    // worker has queued channel dispatches. Core already decided whether this
+    // applies (only fires in workspace worker mode + autoPickupChannelDispatches
+    // config + at least one queued dispatch).
+    const hookSpecificOutput = {
+      hookEventName: 'TaskCompleted',
+      completed: coreResult.completed,
+      taskId: coreResult.taskId
+    };
+    if (coreResult.workspaceAutoPickup?.additionalContext) {
+      hookSpecificOutput.additionalContext = coreResult.workspaceAutoPickup.additionalContext;
+    }
+
     return {
       continue: true,
       ...(coreResult.message && { systemMessage: coreResult.message }),
-      hookSpecificOutput: {
-        hookEventName: 'TaskCompleted',
-        completed: coreResult.completed,
-        taskId: coreResult.taskId
-      }
+      hookSpecificOutput
     };
   }
 

package/scripts/hooks/core/pre-tool-orchestrator.js

@@ -177,7 +177,7 @@ function runPreToolGates(ctx, deps) {
   ]);
   if (!skipRoutingGateForSubagent && !skipRoutingGateForReadOnlyGit && GATED_TOOLS.has(toolName)) {
     try {
-      const routingResult = deps.checkRoutingGate(toolName, config);
+      const routingResult = deps.checkRoutingGate(toolName, config, toolInput);
       if (routingResult.blocked) {
         return {
           allowed: false,

package/scripts/hooks/core/routing-gate.js

@@ -285,9 +285,10 @@ function isRoutingPending() {
  *
  * @param {string} toolName - The tool being called (e.g., 'Bash')
  * @param {Object} [config] - Pre-loaded config (optional, falls back to getConfig())
+ * @param {Object} [toolInput] - Tool input (optional, used for v2.20.0 diagnostic bypass)
  * @returns {{ allowed: boolean, blocked: boolean, reason: string, message: string|null }}
  */
-function checkRoutingGate(toolName, config) {
+function checkRoutingGate(toolName, config, toolInput) {
   // Gate ALL tools that allow the AI to act without routing through /wogi-start.
   // Edit/Write/NotebookEdit were the critical gap: AI could edit ready.json (exempt
   // from task gate) to create a fake active task, then edit anything freely.
@@ -317,6 +318,26 @@ function checkRoutingGate(toolName, config) {
   // This meant any in-progress task from a prior turn bypassed routing entirely.
   // The only way to clear routing-pending is to invoke a /wogi-* skill.
 
+  // Gap D (v2.20.0) — diagnostic curl bypass for workspace workers.
+  // When a manager sends an INTROSPECTION/DIAGNOSTIC channel message, the
+  // worker needs to curl-reply to localhost:8800 with a structured "## " body.
+  // Without this bypass, answering diagnostic questions forces the worker to
+  // create a fake task just to satisfy routing — which is itself an
+  // anti-pattern. Narrow allowlist: Bash + curl + localhost:manager-port +
+  // body starts with "## " + config flag enabled.
+  try {
+    if (toolName === 'Bash' && isDiagnosticCurlBypass(toolInput, config)) {
+      return {
+        allowed: true,
+        blocked: false,
+        reason: 'diagnostic_curl_bypass',
+        message: null
+      };
+    }
+  } catch (_err) {
+    // Fail-closed — if bypass check errors, default to the normal block path.
+  }
+
   // Block: routing is pending and no /wogi-* command has been invoked this turn
   // NOTE: This message is shown to the AI as permissionDecisionReason.
   // It must be prescriptive enough that the AI invokes /wogi-start instead of
@@ -337,6 +358,67 @@ function checkRoutingGate(toolName, config) {
   };
 }
 
+/**
+ * Gap D — recognize a narrow curl-to-manager bypass for diagnostic replies.
+ *
+ * Allowed iff ALL hold:
+ *   - config.workspace.diagnosticCurlBypass !== false
+ *   - Tool is Bash and command contains a single curl to
+ *     http(s)://(127\\.0\\.0\\.1|localhost):{managerPort} (default 8800)
+ *   - The curl body (`-d`, `--data`, `--data-binary`, `--data-raw`) starts
+ *     with "## " (structured channel reply marker)
+ *   - Body contains one of the diagnostic markers: "INTROSPECTION",
+ *     "DIAGNOSTIC", "## QUESTION:", or "## ANSWER:" (so generic curl-to-8800
+ *     doesn't escape routing — only diagnostic/question/answer replies do)
+ *
+ * This bypass is specifically NARROW by design — we want to unblock diagnostic
+ * round-trips without opening a back door. Generic curl to any URL, curl to a
+ * different port, or curl with a non-"## " body all still hit the normal block.
+ *
+ * @param {Object} toolInput - Bash tool input ({ command: string, ... })
+ * @param {Object} config - Loaded config
+ * @returns {boolean}
+ */
+function isDiagnosticCurlBypass(toolInput, config) {
+  if (!toolInput || typeof toolInput !== 'object') return false;
+  if (config?.workspace?.diagnosticCurlBypass === false) return false;
+
+  const command = String(toolInput.command || '');
+  if (!command.includes('curl')) return false;
+
+  // Must target localhost or 127.0.0.1 on the manager port.
+  const managerPort = process.env.WOGI_MANAGER_PORT ||
+                      String(config?.workspace?.managerPort || '8800');
+  // Validate port shape first — prevents regex injection.
+  if (!/^\d{2,5}$/.test(String(managerPort))) return false;
+  const portPattern = new RegExp(
+    `https?://(?:127\\.0\\.0\\.1|localhost):${managerPort}(?:[/\\s"'\\\\]|$)`
+  );
+  if (!portPattern.test(command)) return false;
+
+  // Extract the body argument. Recognized flags: -d, --data, --data-binary,
+  // --data-raw, --data-urlencode. The body can be:
+  //   (a) literal string: -d "## ANSWER: ..."
+  //   (b) @-  (from stdin — we can't inspect)
+  //   (c) @filename
+  const bodyMatch = command.match(
+    /--data(?:-binary|-raw|-urlencode)?\s+(['"])([\s\S]*?)\1|-d\s+(['"])([\s\S]*?)\3/
+  );
+  const literalBody = bodyMatch ? (bodyMatch[2] || bodyMatch[4] || '') : '';
+
+  // Stdin / file bodies (@-) cannot be inspected — we conservatively reject
+  // them for this bypass. The worker should use literal `-d "## ..."` instead.
+  if (/--data(?:-binary|-raw|-urlencode)?\s+@|-d\s+@/.test(command) && !literalBody) {
+    return false;
+  }
+
+  if (!literalBody.startsWith('## ')) return false;
+
+  // Final marker check — body must contain one of the diagnostic markers.
+  const markers = ['INTROSPECTION', 'DIAGNOSTIC', '## QUESTION:', '## ANSWER:'];
+  return markers.some(m => literalBody.includes(m));
+}
+
 /**
  * Increment the stop-attempt counter in the routing flag.
  * Used by the Stop hook instead of clearing the flag outright,
@@ -385,6 +467,7 @@ function incrementStopAttempts(maxAttempts = 10) {
 }
 
 module.exports = {
+  isDiagnosticCurlBypass,
   isRoutingGateEnabled,
   hasActiveTask,
   setRoutingPending,

package/scripts/hooks/core/task-completed.js

@@ -539,7 +539,143 @@ async function handleTaskCompleted(input) {
     result.message = `Task completed handler error: ${err.message}`;
   }
 
+  // Gap A (v2.20.0) — workspace worker auto-pickup of queued channel dispatches.
+  //
+  // Without this, a worker completes a task, reports to manager, then ends the
+  // turn. Any channel-dispatches that landed while the worker was busy remain
+  // in ready.json indefinitely — the worker sits idle ("awaiting signal").
+  //
+  // Fix: when a workspace worker's task completes and queued channel dispatches
+  // exist, emit additionalContext instructing the AI to auto-invoke
+  // /wogi-start <nextId> in the SAME turn, before the Stop hook fires.
+  //
+  // Only runs in worker mode (WOGI_WORKSPACE_ROOT + WOGI_REPO_NAME !== 'manager').
+  // Manager sessions deliberately do NOT auto-pickup — that would hijack user
+  // orchestration.
+  if (result.completed && isWorkspaceWorker()) {
+    try {
+      const pickup = findQueuedChannelDispatches();
+      if (pickup.count > 0) {
+        result.workspaceAutoPickup = {
+          nextTaskId: pickup.nextTaskId,
+          queuedCount: pickup.count,
+          additionalContext: buildAutoPickupContext(pickup)
+        };
+      }
+    } catch (err) {
+      if (process.env.DEBUG) {
+        console.error(`[Task Completed] Auto-pickup check failed (non-fatal): ${err.message}`);
+      }
+    }
+  }
+
   return result;
 }
 
-module.exports = { handleTaskCompleted, isTaskCompletedEnabled };
+/**
+ * Detect if the current process is a workspace worker (not a manager and not a
+ * single-repo session). Requires WOGI_WORKSPACE_ROOT env var set by the worker
+ * spawn path AND WOGI_REPO_NAME to be something other than 'manager'.
+ *
+ * @returns {boolean}
+ */
+function isWorkspaceWorker() {
+  if (!process.env.WOGI_WORKSPACE_ROOT) return false;
+  const repo = process.env.WOGI_REPO_NAME;
+  if (!repo || repo === 'manager') return false;
+  return true;
+}
+
+/**
+ * Scan ready.json for channel-dispatched tasks that are queued but not in
+ * progress. Returns the oldest pending task (FIFO — channel dispatches should
+ * be processed in arrival order).
+ *
+ * Tagging conventions recognized (in priority order):
+ *   1. task.channelSource === 'wogi-workspace-channel' (explicit tag)
+ *   2. task.source starts with 'workspace:' (existing tag from
+ *      lib/workspace-routing.js decomposeToRepoTasks at line 428)
+ *   3. task.dispatchedBy === 'workspace-manager' (alternate explicit tag)
+ *
+ * Tasks already in inProgress are NOT counted — the AI already has work to do.
+ *
+ * @returns {{ count: number, nextTaskId: string|null, nextTaskTitle: string|null }}
+ */
+function findQueuedChannelDispatches() {
+  const config = getConfig();
+  if (config.workspace?.autoPickupChannelDispatches === false) {
+    return { count: 0, nextTaskId: null, nextTaskTitle: null };
+  }
+
+  const readyPath = path.join(PATHS.state, 'ready.json');
+  const ready = safeJsonParse(readyPath, { ready: [], inProgress: [] });
+
+  // If anything is in progress, the worker already has direction. Don't auto-pickup.
+  if ((ready.inProgress || []).length > 0) {
+    return { count: 0, nextTaskId: null, nextTaskTitle: null };
+  }
+
+  const queued = (ready.ready || []).filter(isChannelDispatched);
+  if (queued.length === 0) {
+    return { count: 0, nextTaskId: null, nextTaskTitle: null };
+  }
+
+  // FIFO — pick the earliest created. Tasks without createdAt fall through
+  // to input order (JavaScript sort is stable for equal keys).
+  const sorted = [...queued].sort((a, b) => {
+    const at = a.createdAt || a.created || '';
+    const bt = b.createdAt || b.created || '';
+    return at.localeCompare(bt);
+  });
+  const next = sorted[0];
+
+  return {
+    count: queued.length,
+    nextTaskId: next?.id || null,
+    nextTaskTitle: next?.title || null
+  };
+}
+
+function isChannelDispatched(task) {
+  if (!task || typeof task !== 'object') return false;
+  if (task.channelSource === 'wogi-workspace-channel') return true;
+  if (task.dispatchedBy === 'workspace-manager') return true;
+  if (typeof task.source === 'string' && task.source.startsWith('workspace:')) return true;
+  return false;
+}
+
+/**
+ * Build the additionalContext text that instructs the AI to auto-invoke
+ * /wogi-start on the next queued dispatch. Wording is deliberately imperative —
+ * hedging ("consider", "you may wish to") was the exact anti-pattern that
+ * caused the original silent-stall incident (worker introspection 2026-04-16).
+ */
+function buildAutoPickupContext({ count, nextTaskId, nextTaskTitle }) {
+  const s = count === 1 ? '' : 's';
+  return [
+    `⚡ WORKSPACE AUTONOMOUS PICKUP (${count} channel dispatch${s} queued):`,
+    '',
+    `You just completed a task. ${count} more channel-dispatched task${s} ${count === 1 ? 'is' : 'are'} queued in ready.json.`,
+    `Next: ${nextTaskId} — ${nextTaskTitle || '(no title)'}`,
+    '',
+    'AUTONOMOUS MODE CONTRACT (workspace worker):',
+    '  • These dispatches are pre-approved by the manager.',
+    '  • You MUST start the next one IMMEDIATELY in this same turn.',
+    '  • Do NOT end the turn with hedging language ("awaiting signal",',
+    '    "let me know if you want", "or will proceed"). Those are forbidden.',
+    '  • Visibility is NOT a substitute for action. You can narrate AND act',
+    '    in the same turn.',
+    '',
+    `ACT NOW: Invoke Skill(skill="wogi-start", args="${nextTaskId}")`
+  ].join('\n');
+}
+
+module.exports = {
+  handleTaskCompleted,
+  isTaskCompletedEnabled,
+  // Exposed for testing (v2.20.0)
+  isWorkspaceWorker,
+  findQueuedChannelDispatches,
+  isChannelDispatched,
+  buildAutoPickupContext
+};

package/scripts/hooks/entry/claude-code/stop.js

@@ -183,6 +183,65 @@ runHook('Stop', async ({ parsedInput }) => {
     // Never block Stop on restart-module errors.
   }
 
+  // Gap B (v2.20.0) — block end-of-turn when a workspace worker has queued
+  // channel dispatches but no task in progress. This is the hedging-as-terminal-
+  // state anti-pattern ("awaiting signal or will proceed"). The worker MUST
+  // either (a) start the next dispatch or (b) escalate via ## QUESTION: — idle
+  // with pending dispatches is not a valid end-of-turn state.
+  //
+  // Gap A already injects additionalContext telling the AI to auto-pickup. This
+  // gate is the second line of defense: if the AI ignored the context and tried
+  // to stop anyway, block it.
+  try {
+    const isWorker = process.env.WOGI_WORKSPACE_ROOT &&
+                     process.env.WOGI_REPO_NAME &&
+                     process.env.WOGI_REPO_NAME !== 'manager';
+    if (isWorker) {
+      const { getConfig, PATHS, safeJsonParse } = require('../../../flow-utils');
+      const path = require('node:path');
+      const config = getConfig();
+      const gateEnabled = config.workspace?.autoPickupChannelDispatches !== false;
+      if (gateEnabled) {
+        const ready = safeJsonParse(path.join(PATHS.state, 'ready.json'), { ready: [], inProgress: [] });
+        const inProgressCount = (ready.inProgress || []).length;
+        const queued = (ready.ready || []).filter(t => {
+          if (!t || typeof t !== 'object') return false;
+          return t.channelSource === 'wogi-workspace-channel' ||
+                 t.dispatchedBy === 'workspace-manager' ||
+                 (typeof t.source === 'string' && t.source.startsWith('workspace:'));
+        });
+        if (inProgressCount === 0 && queued.length > 0) {
+          const nextId = queued[0].id;
+          const msg = [
+            `AUTONOMOUS MODE VIOLATION: ${queued.length} channel dispatch(es) queued, no task in progress.`,
+            '',
+            `You are a workspace worker — "awaiting your signal" / "let me know" / "or will proceed" is NOT a valid terminal state.`,
+            '',
+            'Exactly one of these must be true at end-of-turn:',
+            '  (a) You started the next pre-approved dispatch (ACTION), or',
+            '  (b) You channel-dispatched a "## QUESTION:" to manager (ESCALATION), or',
+            '  (c) Zero queued and zero in-progress (IDLE — not your current state).',
+            '',
+            `ACT NOW: Invoke Skill(skill="wogi-start", args="${nextId}")`,
+            '',
+            `Or escalate: curl -s -X POST http://127.0.0.1:${process.env.WOGI_MANAGER_PORT || '8800'} \\`,
+            `  -H "X-Wogi-From: ${process.env.WOGI_REPO_NAME}" \\`,
+            `  --data-binary "## QUESTION: <your blocker>"`
+          ].join('\n');
+          return { __raw: true, continue: true, stopReason: msg };
+        }
+      }
+    }
+  } catch (err) {
+    // Fail-OPEN for this specific gate — we do not want a bug here to block
+    // legitimate stops. The routing gate above is fail-closed; this one isn't
+    // because unlike routing it's not a last-line-of-defense — the auto-pickup
+    // additionalContext already nudged the AI before this point.
+    if (process.env.DEBUG) {
+      console.error(`[Stop] Workspace autopickup gate error (fail-open): ${err.message}`);
+    }
+  }
+
   // Check if loop can exit
   return await checkLoopExit();
 }, { failMode: 'warn', failOutput: { continue: false } });