wogiflow 2.20.1 → 2.22.0

package/scripts/flow-worker-question-classifier.js

@@ -0,0 +1,256 @@
+'use strict';
+
+/**
+ * Wogi Flow — Worker Question Classifier (v2.21.0+)
+ *
+ * AI-based semantic detector that runs at Stop-hook time in workspace worker
+ * mode and answers ONE question about the AI's final assistant message:
+ *
+ *   "Does this message end by asking the user a question that expects
+ *    a user response?"
+ *
+ * If YES + confidence >= threshold + worker mode → Stop hook blocks the turn
+ * with instructions to channel-dispatch `## QUESTION:` to the manager instead.
+ *
+ * Why AI, not regex: the hedging vocabulary is infinite ("let me know",
+ * "should I", "which option", "?", "thoughts?", "any preference?"). User
+ * explicitly requested AI logic over regex in the 2026-04-16 session.
+ *
+ * Design mirrors flow-conclusion-classifier.js / flow-correction-detector.js:
+ *   - Uses existing flow-model-caller.js infrastructure (same plan tokens
+ *     Claude Code already uses)
+ *   - ANTHROPIC_API_KEY absent → returns `{ classified: false, reason:
+ *     'no-credentials' }` — Stop hook treats as no-op, does NOT block.
+ *     This matches the established fail-open pattern.
+ *   - Transcript parsing is defensive — missing, empty, or malformed
+ *     transcript returns `{ classified: false, reason: <specific> }`.
+ *   - JSON response from Haiku validated for shape + prototype-pollution.
+ *   - Fail-open on model error — if the classifier breaks, legitimate
+ *     stops are not affected. A silent-stall false-negative is recoverable;
+ *     a false-positive block on every turn is not.
+ */
+
+const fs = require('node:fs');
+
+const DEFAULT_MIN_CONFIDENCE = 70;
+const DEFAULT_MODEL = 'anthropic:claude-3-5-haiku-latest';
+const MAX_MESSAGE_CHARS = 8000;     // Classifier input cap
+const MAX_TOKENS = 300;             // Classifier output cap (tiny JSON)
+const TEMPERATURE = 0.0;            // Deterministic classification
+
+// Shared prototype-pollution guard (same as flow-conclusion-classifier).
+const { DANGEROUS_KEYS } = require('./flow-io');
+
+/**
+ * Extract the final assistant message from a Claude Code transcript JSONL file.
+ *
+ * Claude Code writes one JSON object per line. Each object represents an event
+ * (user message, assistant message, tool call, tool result, etc.). We scan
+ * backward for the last event where the content resembles an assistant-authored
+ * text block (has `role: 'assistant'` OR `type: 'assistant'` shape).
+ *
+ * Defensive: any IO / parse error returns null. Caller treats null as no-op.
+ *
+ * @param {string} transcriptPath - Absolute path to the JSONL transcript
+ * @returns {string|null} The text of the last assistant message, or null
+ */
+function extractLastAssistantMessage(transcriptPath) {
+  if (!transcriptPath || typeof transcriptPath !== 'string') return null;
+  let raw;
+  try {
+    raw = fs.readFileSync(transcriptPath, 'utf-8');
+  } catch (_err) {
+    return null;
+  }
+  if (!raw || raw.length === 0) return null;
+
+  // Scan from end for lines we can parse as assistant messages.
+  const lines = raw.split('\n');
+  for (let i = lines.length - 1; i >= 0; i--) {
+    const line = lines[i].trim();
+    if (!line) continue;
+    let entry;
+    try {
+      entry = JSON.parse(line);
+    } catch (_err) {
+      continue;  // Skip unparseable lines — transcript may be mid-write.
+    }
+    const text = extractAssistantText(entry);
+    if (text) return text.slice(0, MAX_MESSAGE_CHARS);
+  }
+  return null;
+}
+
+/**
+ * Pull assistant-authored text out of a single transcript entry. The transcript
+ * format has evolved across Claude Code versions — we accept any of:
+ *   - { role: 'assistant', content: 'string' }
+ *   - { role: 'assistant', content: [{ type: 'text', text: '...' }] }
+ *   - { type: 'assistant', message: { content: [{ type: 'text', text: '...' }] } }
+ *   - { type: 'assistant', text: '...' }
+ */
+function extractAssistantText(entry) {
+  if (!entry || typeof entry !== 'object') return null;
+
+  // Direct role/type check.
+  const isAssistant =
+    entry.role === 'assistant' ||
+    entry.type === 'assistant' ||
+    (entry.message && entry.message.role === 'assistant');
+  if (!isAssistant) return null;
+
+  // Pull the content wherever it lives.
+  const content = entry.content ?? entry.message?.content ?? entry.text;
+  if (typeof content === 'string') return content;
+  if (Array.isArray(content)) {
+    // Collect text blocks only — skip tool_use / tool_result blocks.
+    const texts = content
+      .filter(b => b && typeof b === 'object' && (b.type === 'text' || typeof b.text === 'string'))
+      .map(b => String(b.text || ''))
+      .filter(Boolean);
+    if (texts.length > 0) return texts.join('\n').trim();
+  }
+  return null;
+}
+
+/**
+ * Build the Haiku classifier prompt. Kept as a pure string for testability.
+ *
+ * Designed to minimize false positives:
+ *   - Rhetorical questions ("Did the tests pass? Yes.") → NO
+ *   - Narration with trailing "?" ("the question is how to proceed") → NO
+ *   - Actual open-ended ask ("Should I use A or B?" with no answer given) → YES
+ */
+function buildClassifierPrompt(lastMessage) {
+  return `You classify whether an AI assistant's final message to a WORKSPACE WORKER session ends by asking the USER a question that expects a user response.
+
+Context: in workspace mode, workers are autonomous and MUST NOT prompt the user directly — the user only sees the manager terminal, so direct questions stall silently. Workers that need user input MUST channel-dispatch "## QUESTION:" to the manager instead.
+
+Your job: classify YES only when the worker's final message contains an OPEN question the worker is waiting on the user to answer. Classify NO for rhetorical questions that the worker answers itself, narrative descriptions, or questions that have an accompanying decision.
+
+[MESSAGE_START]
+${String(lastMessage || '').slice(0, MAX_MESSAGE_CHARS)}
+[MESSAGE_END]
+
+Return JSON only, no prose, no markdown fences:
+{"isUserQuestion": true|false, "confidence": 0-100, "reason": "one short sentence"}
+
+Examples:
+- "Should I proceed with A or B? Let me know." → {"isUserQuestion": true, "confidence": 95, "reason": "open choice awaiting user decision"}
+- "Did the tests pass? Yes, all 12 passed." → {"isUserQuestion": false, "confidence": 90, "reason": "rhetorical, answered inline"}
+- "I finished the task. Awaiting your signal." → {"isUserQuestion": true, "confidence": 85, "reason": "hedging terminal state awaiting user"}
+- "Task complete. Next: wf-abc12345 — starting now." → {"isUserQuestion": false, "confidence": 95, "reason": "action statement, no question"}`;
+}
+
+/**
+ * Guard parsed JSON response against prototype pollution. Mirrors
+ * flow-conclusion-classifier.hasDangerousKeys.
+ */
+function hasDangerousKeys(value) {
+  if (!value || typeof value !== 'object') return false;
+  if (Array.isArray(value)) return value.some(hasDangerousKeys);
+  for (const key of Object.keys(value)) {
+    if (DANGEROUS_KEYS.has(key)) return true;
+    if (hasDangerousKeys(value[key])) return true;
+  }
+  return false;
+}
+
+/**
+ * Classify the worker's last assistant message.
+ *
+ * @param {Object} opts
+ * @param {string} opts.transcriptPath - Absolute path to session JSONL transcript
+ * @param {number} [opts.minConfidence] - Confidence threshold (default 70)
+ * @param {string} [opts.model] - Model override (default haiku)
+ * @returns {Promise<{
+ *   classified: boolean,
+ *   isUserQuestion?: boolean,
+ *   confidence?: number,
+ *   reason?: string,
+ *   lastMessage?: string
+ * }>}
+ */
+async function classifyWorkerQuestion(opts = {}) {
+  const minConfidence = Number.isFinite(opts.minConfidence) ? opts.minConfidence : DEFAULT_MIN_CONFIDENCE;
+  const model = opts.model || DEFAULT_MODEL;
+
+  // Fail-open gates — any reason to skip returns { classified: false }.
+  if (!process.env.ANTHROPIC_API_KEY) {
+    return { classified: false, reason: 'no-credentials' };
+  }
+  if (!opts.transcriptPath) {
+    return { classified: false, reason: 'no-transcript-path' };
+  }
+
+  const lastMessage = extractLastAssistantMessage(opts.transcriptPath);
+  if (!lastMessage || lastMessage.length < 10) {
+    return { classified: false, reason: 'no-last-message', lastMessage };
+  }
+
+  let callModel;
+  try {
+    ({ callModel } = require('./flow-model-caller'));
+  } catch (_err) {
+    return { classified: false, reason: 'no-model-caller' };
+  }
+
+  let result;
+  try {
+    result = await callModel(model, buildClassifierPrompt(lastMessage), {
+      temperature: TEMPERATURE,
+      maxTokens: MAX_TOKENS
+    });
+  } catch (err) {
+    if (process.env.DEBUG) {
+      console.error(`[worker-question-classifier] model call failed: ${err.message}`);
+    }
+    return { classified: false, reason: 'model-error' };
+  }
+
+  // flow-model-caller returns { success, response, ... } where `response` is the text.
+  // Earlier classifiers read `.content`; accept both shapes for resilience.
+  const raw = String(result?.response ?? result?.content ?? '').trim();
+  if (!raw) return { classified: false, reason: 'empty-response' };
+
+  const jsonMatch = raw.match(/\{[\s\S]*\}/);
+  if (!jsonMatch) return { classified: false, reason: 'non-json-response' };
+
+  let parsed;
+  try {
+    parsed = JSON.parse(jsonMatch[0]);
+  } catch (_err) {
+    return { classified: false, reason: 'json-parse-error' };
+  }
+
+  if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed)) {
+    return { classified: false, reason: 'bad-shape' };
+  }
+  if (hasDangerousKeys(parsed)) {
+    return { classified: false, reason: 'dangerous-keys' };
+  }
+
+  const isUserQuestion = Boolean(parsed.isUserQuestion);
+  const confidence = Number.isFinite(parsed.confidence) ? Math.round(parsed.confidence) : 0;
+  const reason = typeof parsed.reason === 'string' ? parsed.reason.slice(0, 240) : '';
+
+  return {
+    classified: true,
+    isUserQuestion,
+    confidence,
+    reason,
+    lastMessage,
+    blocked: isUserQuestion && confidence >= minConfidence,
+    minConfidence
+  };
+}
+
+module.exports = {
+  classifyWorkerQuestion,
+  extractLastAssistantMessage,
+  extractAssistantText,
+  buildClassifierPrompt,
+  hasDangerousKeys,
+  DEFAULT_MIN_CONFIDENCE,
+  DEFAULT_MODEL
+};

package/scripts/flow-workflow-steps.js

@@ -11,9 +11,9 @@
  *   await runSteps('afterTask', { taskId: 'TASK-001', files: [...] });
  */
 
-const fs = require('node:fs');
-const path = require('node:path');
-const { getProjectRoot, colors, getConfig, invalidateConfigCache, writeJson, PATHS } = require('./flow-utils');
+const _fs = require('node:fs');
+const _path = require('node:path');
+const { colors, getConfig, invalidateConfigCache, writeJson, PATHS } = require('./flow-utils');
 
 // ============================================================
 // Step Registry - All available workflow steps

package/scripts/flow-workflow.js

@@ -24,7 +24,7 @@
 const fs = require('node:fs');
 const path = require('node:path');
 const { spawn } = require('node:child_process');
-const { getProjectRoot, colors: c, readJson, PATHS } = require('./flow-utils');
+const { colors: c, readJson, PATHS } = require('./flow-utils');
 const { success: printSuccess, error: printError } = require('./flow-output');
 const { detectPackageManager } = require('./flow-script-resolver');
 

package/scripts/flow-worktree.js

@@ -22,7 +22,7 @@
  *   await discardWorktree(worktree);
  */
 
-const { execFileSync, spawn } = require('node:child_process');
+const { execFileSync } = require('node:child_process');
 const fs = require('node:fs');
 const path = require('node:path');
 const os = require('node:os');

package/scripts/hooks/adapters/base-adapter.js

@@ -38,7 +38,7 @@ class BaseAdapter {
    * @param {Object} coreResult - Result from core module
    * @returns {Object} CLI-specific format
    */
-  transformResult(event, coreResult) {
+  transformResult(_event, coreResult) {
     throw new Error('transformResult() must be implemented by subclass');
   }
 
@@ -58,7 +58,7 @@ class BaseAdapter {
    * @param {Object} [transportConfig] - Transport config: { transport, url, headers, allowedEnvVars }
    * @returns {Object} CLI-specific hook configuration
    */
-  generateConfig(rules, projectRoot, transportConfig) {
+  generateConfig(_rules, projectRoot, transportConfig) {
     throw new Error('generateConfig() must be implemented by subclass');
   }
 

package/scripts/hooks/core/commit-log-gate.js

@@ -80,7 +80,7 @@ function checkCommitLogGate(command, config) {
 
   // Load config if not provided
   if (!config) {
-    try { config = getConfig(); } catch (err) { config = {}; }
+    try { config = getConfig(); } catch (_err) { config = {}; }
   }
 
   // Check if gate is enabled (default: enabled when enforcement section exists)
@@ -92,7 +92,7 @@ function checkCommitLogGate(command, config) {
   let readyData;
   try {
     readyData = getReadyData();
-  } catch (err) {
+  } catch (_err) {
     // Can't read ready.json → fail-open (don't block work)
     return { allowed: true, blocked: false };
   }

package/scripts/hooks/core/component-check.js

@@ -191,7 +191,7 @@ function loadComponentIndex() {
               }
             }
           }
-        } catch (err) {
+        } catch (_err) {
           // Skip unreadable map files
         }
       }
@@ -199,7 +199,7 @@ function loadComponentIndex() {
 
     if (components.length === 0) return null;
     return { components, source: 'fallback-from-maps' };
-  } catch (err) {
+  } catch (_err) {
     return null;
   }
 }
@@ -238,7 +238,7 @@ function parseAppMap() {
     }
 
     return components;
-  } catch (err) {
+  } catch (_err) {
     return [];
   }
 }

package/scripts/hooks/core/config-change.js

@@ -65,7 +65,7 @@ function handleConfigChange(options = {}) {
     let bridgeState = null;
     try {
       bridgeState = require('../../flow-bridge-state');
-const { PATHS } = require('../../flow-utils');
+const { } = require('../../flow-utils');
     } catch (_err) {
       // Bridge state module unavailable
     }

package/scripts/hooks/core/deploy-gate.js

@@ -264,7 +264,8 @@ function findLatestArtifact(options) {
     for (const file of files) {
       const filePath = path.join(VERIFICATION_DIR, file);
       try {
-        const artifact = JSON.parse(fs.readFileSync(filePath, 'utf-8'));
+        const artifact = safeJsonParse(filePath, null);
+        if (!artifact) continue;
 
         // Verify HMAC signature
         const sigResult = verifyArtifactSignature(artifact);

package/scripts/hooks/core/git-safety-gate.js

@@ -18,7 +18,7 @@
 
 'use strict';
 
-const path = require('node:path');
+const _path = require('node:path');
 const { getConfig, PATHS } = require('../../flow-utils');
 
 // ============================================================

package/scripts/hooks/core/instructions-loaded.js

@@ -14,7 +14,7 @@
 const fs = require('node:fs');
 const path = require('node:path');
 
-const { safeJsonParse, PATHS } = require('../../flow-utils');
+const { safeJsonParse } = require('../../flow-utils');
 
 /**
  * Check if new packages have been added since last scan.

package/scripts/hooks/core/loop-check.js

@@ -56,7 +56,7 @@ function getActiveLoopSession() {
     }
 
     return session;
-  } catch (err) {
+  } catch (_err) {
     return null;
   }
 }

package/scripts/hooks/core/manager-boundary-gate.js

@@ -27,6 +27,7 @@
 
 const path = require('node:path');
 const fs = require('node:fs');
+const { safeJsonParse } = require('../../flow-io');
 
 // ============================================================
 // Member Path Resolution
@@ -50,7 +51,7 @@ function getMemberPaths() {
   if (!fs.existsSync(manifestPath)) return [];
 
   try {
-    const manifest = JSON.parse(fs.readFileSync(manifestPath, 'utf-8'));
+    const manifest = safeJsonParse(manifestPath, {});
     const members = manifest.members || {};
     const paths = [];
 
@@ -141,7 +142,7 @@ function getMemberPort(memberName) {
 
   try {
     const manifestPath = path.join(workspaceRoot, '.workspace', 'state', 'workspace-manifest.json');
-    const manifest = JSON.parse(fs.readFileSync(manifestPath, 'utf-8'));
+    const manifest = safeJsonParse(manifestPath, {});
     const member = manifest.members?.[memberName];
     return member?.port ?? member?.channelPort ?? null;
   } catch (_err) {

package/scripts/hooks/core/observation-capture.js

@@ -161,7 +161,7 @@ function summarizeInput(toolName, toolInput) {
         const inputStr = JSON.stringify(toolInput);
         return `${toolName}: ${inputStr.slice(0, 60)}${inputStr.length > 60 ? '...' : ''}`;
     }
-  } catch (err) {
+  } catch (_err) {
     return `${toolName}: (summarization failed)`;
   }
 }
@@ -232,7 +232,7 @@ function summarizeOutput(toolName, toolResponse, success) {
       default:
         return `Completed: ${responseStr.slice(0, 60)}${responseStr.length > 60 ? '...' : ''}`;
     }
-  } catch (err) {
+  } catch (_err) {
     return 'Completed (summarization failed)';
   }
 }
@@ -298,7 +298,7 @@ async function captureObservation(options) {
       const blocks = getMemoryBlocks();
       const currentTask = blocks.getCurrentTask();
       contextTaskId = currentTask?.id || null;
-    } catch (err) {
+    } catch (_err) {
       // Ignore - task context is optional
     }
 
@@ -316,7 +316,7 @@ async function captureObservation(options) {
       if (fullInput.length > maxInputSize) {
         fullInput = fullInput.slice(0, maxInputSize) + '...[truncated]';
       }
-    } catch (err) {
+    } catch (_err) {
       fullInput = '[serialization failed]';
     }
 
@@ -328,7 +328,7 @@ async function captureObservation(options) {
       if (fullOutput.length > maxOutputSize) {
         fullOutput = fullOutput.slice(0, maxOutputSize) + '...[truncated]';
       }
-    } catch (err) {
+    } catch (_err) {
       fullOutput = '[serialization failed]';
     }
 
@@ -356,7 +356,7 @@ async function captureObservation(options) {
           inputSummary || `${toolName} call`,
           outputSummary || 'unknown error'
         ).catch(() => { /* non-blocking */ });
-      } catch (err) {
+      } catch (_err) {
         // Non-critical - memory pipeline may not be available
       }
     }

package/scripts/hooks/core/phase-gate.js

@@ -82,7 +82,7 @@ function isPhaseGateEnabled(config) {
   try {
     if (!config) config = getConfig();
     return config.hooks?.rules?.phaseGate?.enabled === true;
-  } catch (err) {
+  } catch (_err) {
     return false; // Fail-open
   }
 }
@@ -104,7 +104,7 @@ function getCurrentPhase() {
       updatedAt: data.updatedAt || null,
       previousPhase: data.previousPhase || null
     };
-  } catch (err) {
+  } catch (_err) {
     return defaults;
   }
 }
@@ -287,7 +287,7 @@ function checkPhaseGate(toolName, toolInput, config) {
 /**
  * Get guidance text for a blocked tool in a phase
  */
-function getPhaseGuidance(phase, toolName) {
+function getPhaseGuidance(phase, _toolName) {
   const guidance = {
     idle: 'Route your request through a /wogi-* command first.',
     routing: 'Wait for /wogi-start to finish routing.',
@@ -381,7 +381,7 @@ function checkAndResetStalePhase() {
       return true;
     }
     return false;
-  } catch (err) {
+  } catch (_err) {
     return false;
   }
 }

package/scripts/hooks/core/pre-compact.js

@@ -21,7 +21,7 @@
 
 const path = require('node:path');
 const fs = require('node:fs');
-const { PATHS, safeJsonParse, getConfig } = require('../../flow-utils');
+const { PATHS, safeJsonParse } = require('../../flow-utils');
 
 /**
  * Phases where compaction should be BLOCKED because interruption

package/scripts/hooks/core/pre-tool-orchestrator.js

@@ -177,7 +177,7 @@ function runPreToolGates(ctx, deps) {
   ]);
   if (!skipRoutingGateForSubagent && !skipRoutingGateForReadOnlyGit && GATED_TOOLS.has(toolName)) {
     try {
-      const routingResult = deps.checkRoutingGate(toolName, config, toolInput);
+      const routingResult = deps.checkRoutingGate(toolName, config);
       if (routingResult.blocked) {
         return {
           allowed: false,

package/scripts/hooks/core/routing-gate.js

@@ -250,7 +250,7 @@ function isRoutingPending() {
       const age = Date.now() - new Date(data.timestamp).getTime();
       if (age > ROUTING_FLAG_TTL_MS) {
         // Flag is stale — clean it up and return false
-        try { fs.unlinkSync(ROUTING_FLAG_PATH); } catch (err) { /* ignore cleanup failure */ }
+        try { fs.unlinkSync(ROUTING_FLAG_PATH); } catch (_err) { /* ignore cleanup failure */ }
         if (process.env.DEBUG) {
           console.error(`[routing-gate] Cleaned stale flag (${Math.round(age / 1000)}s old)`);
         }
@@ -285,10 +285,9 @@ function isRoutingPending() {
  *
  * @param {string} toolName - The tool being called (e.g., 'Bash')
  * @param {Object} [config] - Pre-loaded config (optional, falls back to getConfig())
- * @param {Object} [toolInput] - Tool input (optional, used for v2.20.0 diagnostic bypass)
  * @returns {{ allowed: boolean, blocked: boolean, reason: string, message: string|null }}
  */
-function checkRoutingGate(toolName, config, toolInput) {
+function checkRoutingGate(toolName, config) {
   // Gate ALL tools that allow the AI to act without routing through /wogi-start.
   // Edit/Write/NotebookEdit were the critical gap: AI could edit ready.json (exempt
   // from task gate) to create a fake active task, then edit anything freely.
@@ -318,26 +317,6 @@ function checkRoutingGate(toolName, config, toolInput) {
   // This meant any in-progress task from a prior turn bypassed routing entirely.
   // The only way to clear routing-pending is to invoke a /wogi-* skill.
 
-  // Gap D (v2.20.0) — diagnostic curl bypass for workspace workers.
-  // When a manager sends an INTROSPECTION/DIAGNOSTIC channel message, the
-  // worker needs to curl-reply to localhost:8800 with a structured "## " body.
-  // Without this bypass, answering diagnostic questions forces the worker to
-  // create a fake task just to satisfy routing — which is itself an
-  // anti-pattern. Narrow allowlist: Bash + curl + localhost:manager-port +
-  // body starts with "## " + config flag enabled.
-  try {
-    if (toolName === 'Bash' && isDiagnosticCurlBypass(toolInput, config)) {
-      return {
-        allowed: true,
-        blocked: false,
-        reason: 'diagnostic_curl_bypass',
-        message: null
-      };
-    }
-  } catch (_err) {
-    // Fail-closed — if bypass check errors, default to the normal block path.
-  }
-
   // Block: routing is pending and no /wogi-* command has been invoked this turn
   // NOTE: This message is shown to the AI as permissionDecisionReason.
   // It must be prescriptive enough that the AI invokes /wogi-start instead of
@@ -358,66 +337,6 @@ function checkRoutingGate(toolName, config, toolInput) {
   };
 }
 
-/**
- * Gap D — recognize a narrow curl-to-manager bypass for diagnostic replies.
- *
- * Allowed iff ALL hold:
- *   - config.workspace.diagnosticCurlBypass !== false
- *   - Tool is Bash and command contains a single curl to
- *     http(s)://(127\\.0\\.0\\.1|localhost):{managerPort} (default 8800)
- *   - The curl body (`-d`, `--data`, `--data-binary`, `--data-raw`) starts
- *     with "## " (structured channel reply marker)
- *   - Body contains one of the diagnostic markers: "INTROSPECTION",
- *     "DIAGNOSTIC", "## QUESTION:", or "## ANSWER:" (so generic curl-to-8800
- *     doesn't escape routing — only diagnostic/question/answer replies do)
- *
- * This bypass is specifically NARROW by design — we want to unblock diagnostic
- * round-trips without opening a back door. Generic curl to any URL, curl to a
- * different port, or curl with a non-"## " body all still hit the normal block.
- *
- * @param {Object} toolInput - Bash tool input ({ command: string, ... })
- * @param {Object} config - Loaded config
- * @returns {boolean}
- */
-function isDiagnosticCurlBypass(toolInput, config) {
-  if (!toolInput || typeof toolInput !== 'object') return false;
-  if (config?.workspace?.diagnosticCurlBypass === false) return false;
-
-  const command = String(toolInput.command || '');
-  if (!command.includes('curl')) return false;
-
-  // Must target localhost or 127.0.0.1 on the manager port.
-  const managerPort = process.env.WOGI_MANAGER_PORT ||
-                      String(config?.workspace?.managerPort || '8800');
-  // Validate port shape first — prevents regex injection.
-  if (!/^\d{2,5}$/.test(String(managerPort))) return false;
-  const portPattern = new RegExp(
-    `https?://(?:127\\.0\\.0\\.1|localhost):${managerPort}(?:[/\\s"'\\\\]|$)`
-  );
-  if (!portPattern.test(command)) return false;
-
-  // Extract the body argument. Recognized flags: -d, --data, --data-binary,
-  // --data-raw, --data-urlencode. The body can be:
-  //   (a) literal string: -d "## ANSWER: ..."
-  //   (b) @-  (from stdin — we can't inspect)
-  //   (c) @filename
-  const bodyMatch = command.match(
-    /--data(?:-binary|-raw|-urlencode)?\s+(['"])([\s\S]*?)\1|-d\s+(['"])([\s\S]*?)\3/
-  );
-  const literalBody = bodyMatch ? (bodyMatch[2] || bodyMatch[4] || '') : '';
-
-  // Stdin / file bodies (@-) cannot be inspected — we conservatively reject
-  // them for this bypass. The worker should use literal `-d "## ..."` instead.
-  if (/--data(?:-binary|-raw|-urlencode)?\s+@|-d\s+@/.test(command) && !literalBody) {
-    return false;
-  }
-
-  if (!literalBody.startsWith('## ')) return false;
-
-  // Final marker check — body must contain one of the diagnostic markers.
-  const markers = ['INTROSPECTION', 'DIAGNOSTIC', '## QUESTION:', '## ANSWER:'];
-  return markers.some(m => literalBody.includes(m));
-}
 
 /**
  * Increment the stop-attempt counter in the routing flag.
@@ -467,7 +386,6 @@ function incrementStopAttempts(maxAttempts = 10) {
 }
 
 module.exports = {
-  isDiagnosticCurlBypass,
   isRoutingGateEnabled,
   hasActiveTask,
   setRoutingPending,

package/scripts/hooks/core/session-context.js

@@ -809,7 +809,7 @@ async function gatherSessionContext(options = {}) {
         console.error(`[session-context] Community sync-down failed: ${err.message}`);
       }
     });
-  } catch (err) {
+  } catch (_err) {
     // Non-critical — community sync module may not be available
   }