wogiflow 2.26.1 → 2.29.0

package/.claude/commands/wogi-bug.md

@@ -131,6 +131,36 @@ Return:
 
 **If investigation fails to identify a clear root cause**, consider escalating to `/wogi-debug-hypothesis` which spawns parallel agents to investigate competing theories about the root cause.
 
+#### Evidence Inventory (A3 — wf-f64f58b0)
+
+Before moving to Phase 2.5, you MUST have consulted at least **5 of 7** source categories across the agent runs (or the sequential-fallback). A root cause grounded in one grep is a guess, not a diagnosis. Breadth of evidence is the strongest predictor of correct root-cause identification.
+
+**The seven source categories** (each counts once, regardless of repeat reads):
+
+1. **Code read** — actual file content examined at the relevant lines
+2. **Grep / search** — pattern search across the codebase
+3. **Git log / blame** — history of the suspect file or symbol
+4. **Test run or test file read** — what the tests exercise vs. what they miss
+5. **Log / telemetry / gate-telemetry** — runtime evidence (`/wogi-gate-stats`, browser console, server log)
+6. **Type / interface definition** — the contract-level view from a types or schema file
+7. **User-confirmed assumption or prior correction** — from `feedback-patterns.md` or user dialogue
+
+**Emit this block in the final bug report (under "Evidence inventory"):**
+
+```
+Sources consulted: N / 7
+  [✓] Code read: <file:line>
+  [✓] Grep: <pattern> → <n hits>
+  [✓] Git log: <finding>
+  [✓] Test: <test or finding>
+  [✓] <fifth source>
+  [ ] <skipped categories with one-line reason>
+```
+
+**Downgrade clause**: if N < 5, the final diagnosis/root-cause language is downgraded — say **"likely cause"** instead of "root cause", and **"probable fix"** instead of "fix". (A4 formalizes this as the 95/85/75 confidence-tier rubric — this clause is the placeholder until A4 lands.)
+
+**Skippable only when**: the bug is a typo, single-line obvious fix, or user explicitly said "skip deep investigation". Note the reason in the inventory block.
+
 ### Phase 2.5: Hypothesis Verification Gate (MANDATORY)
 <!-- PIN: hypothesis-verification-gate -->
 

package/.claude/commands/wogi-debug-hypothesis.md

@@ -55,6 +55,39 @@ If any assumption is **CONTRADICTED** (user refers to a component that doesn't e
 
 This catches the "investigate imaginary code" failure mode before wasting a parallel agent run.
 
+### Step 0.5: Reflect on 5-7 Independent Sources (A3 — wf-f64f58b0)
+
+Before moving to consolidation (Step 4), you MUST have consulted at least **5 of 7** source categories. A hypothesis grounded in 1-2 code reads is a hypothesis, not a diagnosis. Breadth of evidence is the single strongest predictor of correct root-cause identification across the research corpus that informed WogiFlow v2.27.
+
+**The seven source categories** (a source only counts once, even if you read it repeatedly):
+
+1. **Code read** — actual file content examined at the relevant lines
+2. **Grep / search** — pattern search across the codebase for call sites, imports, or string literals referencing the suspect area
+3. **Git log / blame** — history of the suspect file or symbol (who changed what, and when)
+4. **Test run or test file read** — what the tests exercise vs. what they miss
+5. **Log / telemetry / gate-telemetry** — runtime evidence (browser console, server log, `/wogi-gate-stats`)
+6. **Type / interface definition** — the contract-level view from a types or schema file
+7. **User-confirmed assumption or prior correction** — from Step 1 (Tier 2) or `feedback-patterns.md`
+
+**Required output before Step 2**:
+
+```
+━━━ EVIDENCE INVENTORY ━━━
+Consulted (5+ required):
+  [✓] Code read: <file:line>
+  [✓] Grep: <pattern> → <n hits in m files>
+  [✓] Git log: <file or symbol> → <key finding>
+  [✓] Test: <testfile or run result>
+  [✓] <fifth source>
+  [ ] <skipped categories with one-line reason>
+Sources consulted: N / 7
+━━━━━━━━━━━━━━━━━━━━━━━━━
+```
+
+**Downgrade clause**: if N < 5, the final diagnosis language is downgraded — say **"likely cause"** instead of "root cause", and **"probable fix"** instead of "fix". (A4 formalizes this as the 95/85/75 tier rubric — this clause is the placeholder until A4 lands.)
+
+**Skippable only when**: the bug is a typo, single-line obvious fix, or the user explicitly said "skip deep investigation". Note the reason in the inventory block.
+
 ### Step 1: Assumption Surfacing (Tier 2 — MANDATORY unless `--no-assumptions`)
 
 Before generating ANY hypothesis, identify the domain-model assumptions your theories will depend on. Present them in a fenced block and **WAIT** for user confirmation.

package/.claude/commands/wogi-morning.md

@@ -153,7 +153,6 @@ fs.writeFileSync('.workflow/state/session-state.json', JSON.stringify(sessionSta
 Configuration in `.workflow/config.json`:
 ```json
 "morningBriefing": {
-  "enabled": true,
   "showLastSession": true,
   "showChanges": true,
   "showRecommendedTasks": 3,
@@ -166,7 +165,7 @@ Configuration in `.workflow/config.json`:
 }
 ```
 
-Set `enabled: false` to disable this command.
+`/wogi-morning` is user-invoked — there is no "enabled" toggle. Don't run the command if you don't want a briefing.
 
 ## Stale Skills Section (Implementation Details)
 

package/.claude/commands/wogi-review.md

@@ -711,6 +711,29 @@ SEVERITY IS CAPPED BY TIER:
   - Tier 1: severity capped at MEDIUM (unless grep returned >=5 instances → HIGH allowed)
   - Tier 2+: severity stands as you assign it
 
+IMPORTANT: Confidence Tier (95 / 85 / 75) — see `.workflow/rubrics/confidence-tiers.md`
+
+Every finding MUST also carry:
+
+  confidencePct: exactly one of 95, 85, or 75 (no other values)
+    95 = HIGH   — tier ≥3, OR tier 2 with 2+ observations,
+                  OR tier 1 with ≥10 hits across ≥3 files
+    85 = MEDIUM — tier 2 (single obs), OR tier 1 with 5-9 hits,
+                  OR tier 1 with ≥3 hits across ≥2 files
+    75 = LOW    — tier 0, OR tier 1 with 1-4 isolated hits, OR missing evidenceNote
+                  → MUST set flagUnverified=true; severity capped at LOW
+
+  flagUnverified: boolean (auto-true for confidencePct=75)
+
+  confidenceNote: one-line justification — required ONLY if you override the
+    default mapping (e.g. tier 1 with 6 hits but flagged 75 because 5 are in
+    the same block of code). Otherwise omit.
+
+LANGUAGE by confidence tier:
+  95 → assertive ("is", "breaks", "requires")
+  85 → hedged ("likely", "appears to", "in most paths")
+  75 → speculative ("might", "could", "possibly") + propose a verification action
+
 Also respect the FRAMING ARTIFACT from Phase 0 — only report findings within
 `scopeIn`. Findings outside `scopeOut` will be moved to an appendix by the
 orchestrator.
@@ -718,7 +741,9 @@ orchestrator.
 
 **Why evidence tiers matter**: During this project's own self-review (session logs), a `code-reviewer` agent reported an F1 finding as "Critical — broken require path" without citing evidence. Manual verification via `require.resolve()` showed the path was correct — the agent's path math was flawed. With tier enforcement, F1 would have been Tier 0 (no grep, no execution), capped at LOW, and flagged UNVERIFIED — alerting the reader to verify before acting.
 
-**Config toggles**: `review.evidenceTiers.enabled` (default true), `review.evidenceTiers.capByTier` (default true — enforce severity caps).
+**Why confidence tiers matter**: Evidence tier (0–4) is mechanical ("what produced the evidence"); confidence tier (95/85/75) is judgment ("how likely is this real and actionable"). Two findings at the same evidence tier can warrant different confidence — e.g. a grep hit of 1 match vs. 14 matches across 9 files. The 95/85/75 bucket drives language, severity cap, and whether the finding is flagged UNVERIFIED. The full reconciliation table is in `.workflow/rubrics/confidence-tiers.md`.
+
+**Config toggles**: `review.evidenceTiers.enabled` (default true), `review.evidenceTiers.capByTier` (default true — enforce severity caps), `review.confidenceTiers.enabled` (default true — require 95/85/75 on every finding).
 
 **2.4. Launch ALL agents in parallel** (single message with N Task tool calls, subagent_type=Explore)
 
@@ -742,7 +767,11 @@ orchestrator.
       "issue": "Description of the issue",
       "recommendation": "How to fix it",
       "autoFixable": false,
-      "agent": "code-logic|security|architecture|performance|project-rules-[slug]"
+      "agent": "code-logic|security|architecture|performance|project-rules-[slug]",
+      "evidenceTier": 3,
+      "evidenceNote": "grep 'foo' returned 7 matches in src/api/",
+      "confidencePct": 95,
+      "flagUnverified": false
     }
   ],
   "triaged": false

package/.claude/commands/wogi-start.md

@@ -29,6 +29,36 @@ If `false` OR the input is natural language → continue with the full prompt be
 
 ### Pre-Routing Checks (Automatic)
 
+**Epic Decompose-and-Run Cascade** (Story E / wf-e28b6cd8): When `/wogi-start
+<epicId>` finishes decomposing an epic into child stories, immediately call
+`node scripts/flow-epic-cascade.js resolve <epicId>`. The result indicates one
+of three actions:
+- `invoke-skill` → call `Skill(skill="wogi-start", args=<taskId>)` in the SAME
+  turn (Option A, zero-latency, used in interactive mode by default).
+- `restart-with-marker` → marker has been written; end the turn and rely on the
+  task-boundary-reset SIGTERM cascade (Option B, fresh context per story, used
+  when autonomous mode is active by default).
+- `abort` → emit a warning with the `reason` (no-children / target-missing); do
+  not cascade. The user retains control.
+
+Strategy is configurable via `autonomousMode.cascadeStrategy` (`"auto"` |
+`"direct"` | `"restart"`, default `"auto"`). Cascade only fires for epics — non-
+epic `/wogi-start` invocations are unaffected.
+
+**Autonomous Walk-Away Mode Trigger**: Before any other classification, run
+`node scripts/flow-autonomous-mode.js activate "<user-message>"`. If the message
+matches a trigger phrase (`go until you finish`, `autonomous mode`, `run this autonomously`,
+`don't bother me, just do it`, `walk-away mode`, `go ahead until done`, etc.), the
+helper writes `autonomousMode` to `session-state.json` (atomic) and returns the
+activation record. The flag survives task-boundary SIGTERM restarts via SessionStart
+re-hydration. While active, decision-routing in `flow-decision-authority.js` returns
+`queue-for-review` for productBehavior/ux questions instead of `owner-decides` —
+the AI MUST NOT ask the user; questions go to `flow-question-queue` and surface in
+the end-of-run summary. To exit: user says `stop`/`pause`, the ready queue drains,
+or the staleness threshold trips. Run `flow-autonomous-mode.js finalize <reason>`
+to render the completion summary and clear the flag. Detection fails closed — if
+the classifier errors, mode stays interactive (the safer default).
+
 **Long Input Detection**: If `config.longInputGate.enabled` and EITHER:
 - Prompt > `lineThreshold` (40) lines, OR
 - Prompt contains 5+ discrete items (numbered lists, bullet points, semicolon-separated requests)
@@ -193,6 +223,8 @@ After task level classification (L0-L3), set the reasoning effort level to optim
 
 This is advisory. Claude Code's effort levels: `low` / `medium` / `high` are universal. Claude Code 2.1.111+ added `xhigh` (between high and max) and `max` as Opus 4.7-only levels — other models fall back to `high`. Use `/effort` interactively (slider as of 2.1.111) to switch mid-session. The AI should adjust reasoning depth during implementation phases accordingly.
 
+**Note on Claude Code 2.1.117 default change**: Claude Code 2.1.117 raised the default effort for Pro/Max subscribers on Opus 4.6 and Opus 4.7 from `medium` to `high`. WogiFlow's advisory mapping above is **task-level-scoped** (L2 recommends `medium` because 1–5 file changes don't need deep reasoning), not a global session default. It intentionally differs from Claude Code's new default — L2 work runs faster at `medium` regardless of Pro/Max. If you're on Pro/Max with Opus 4.6/4.7 and want the CC default for everything, use `/effort high` at session start and ignore the L2 row.
+
 ### Task Checkpoints (when `config.proactiveCompaction.enabled`)
 
 At each phase boundary: save checkpoint to `.workflow/state/task-checkpoint.json` (task ID, phase, completed scenarios, changed files, verification results). If context >= `triggerThreshold` (75%), run `/wogi-pre-compact` before proceeding.

package/.claude/commands/wogi-statusline-setup.md

@@ -17,6 +17,7 @@ This command helps you configure Claude Code's status line (shown at the bottom
 
 - Claude Code v1.0.52+ (January 2026 or later) — `context_window.used_percentage` field
 - Claude Code v2.1.97+ (optional) — `refreshInterval` setting and `workspace.git_worktree` variable
+- Claude Code v2.1.119+ (optional) — `effort.level` and `thinking.enabled` fields
 
 ## Setup Instructions
 
@@ -67,6 +68,8 @@ Claude Code 2.1.97+. Omit the field or set it to 0 to disable auto-refresh.
 | `{{task.title}}` | Current task title |
 | `{{skill}}` | Currently active skill |
 | `{{workspace.git_worktree}}` | Truthy when cwd is inside a linked git worktree (2.1.97+) |
+| `{{effort.level}}` | Active reasoning effort: `low` / `medium` / `high` / `xhigh` / `max` (2.1.119+) |
+| `{{thinking.enabled}}` | Truthy when extended thinking is on (2.1.119+) |
 | `{{worktree.name}}` | Worktree name (if running in --worktree session) |
 | `{{worktree.branch}}` | Worktree branch name |
 | `{{worktree.path}}` | Worktree directory path |
@@ -101,6 +104,15 @@ branch label.
 "format": "{{#if worktree}}[WT:{{worktree.branch}}] {{/if}}{{#if task}}[{{task.id}}] {{/if}}{{model}} | Ctx: {{context_window.used_percentage}}%"
 ```
 
+**With Effort + Thinking** (Claude Code 2.1.119+):
+```json
+"format": "{{#if task}}[{{task.id}}] {{/if}}{{model}} | Ctx: {{context_window.used_percentage}}%{{#if effort.level}} | {{effort.level}}{{/if}}{{#if thinking.enabled}} | 🧠{{/if}}"
+```
+
+The `{{#if effort.level}}` and `{{#if thinking.enabled}}` guards keep surrounding
+punctuation from collapsing on older Claude Code versions that don't emit those
+fields — Handlebars renders missing paths as empty strings without throwing.
+
 ## WogiFlow Integration
 
 To have WogiFlow automatically update the status line with current task info, we need to:

package/.claude/commands/wogi-story.md

@@ -16,9 +16,9 @@ For multi-item inputs, the command output MUST include: **"All {N} items capture
 
 This rule applies equally to deep-decomposition mode and flat stories.
 
-## Specification-Quality Gates (wf-63c0f4cc)
+## Specification-Quality Gates (wf-63c0f4cc + wf-fe8ef64d)
 
-Five P0 gates run automatically at creation time (all fail-open):
+Six P0 gates run automatically at creation time (all fail-open):
 
 | Gate | Fires When | Effect |
 |------|-----------|--------|
@@ -27,6 +27,7 @@ Five P0 gates run automatically at creation time (all fail-open):
 | 3. Consumer Impact | input contains refactor/rename/migrate/etc. | greps consumers, flags phased migration at ≥5 breaking |
 | 4. Scope-Confidence | input mentions "new X" / "existing Y" / "the Z service" | audits assumptions → "Pending Clarifications" block |
 | 5. Intent Bootstrap | IGR artifacts missing + not already scheduled | schedules background bootstrap via session-state.json |
+| 6. AC Scope-Preservation | any task with ≥1 criterion | snapshots originals to `.workflow/state/ac-snapshots/<taskId>.json`; `/wogi-done` re-verifies at close time and surfaces PRESERVED / MODIFIED / DROPPED / ADDED checklist. Blocks completion on silent drops or 2-into-1 collapses. See `scripts/flow-ac-scope-preservation.js`. |
 
 Gates enforce **specification quality at creation time**; runtime-quality gates (wiring, typecheck, tests) remain `/wogi-start`'s job.
 

package/.claude/docs/claude-code-compatibility.md

@@ -75,6 +75,8 @@ flow parallel check  # See available parallel tasks
 | 2.9.0+ | 2.1.90+ | --resume deferred-tool cache fix, MCP schema perf, PostToolUse format-on-save fix, PreToolUse exit-code-2 fix, .husky protected |
 | 2.9.2+ | 2.1.97+ | Stop/SubagentStop long-session fix, subagent worktree cwd leak fix, refreshInterval status line, workspace.git_worktree, MCP HTTP/SSE leak fix, 429 backoff, compaction transcript dedup |
 | 2.18.0+ | 2.1.108+ | ENABLE_PROMPT_CACHING_1H guidance, /recap awareness, /doctor MCP duplicate-scope mirror in `/wogi-health` |
+| 2.27.0+ | 2.1.116+ | Sandbox dangerous-path safety on auto-allow, agent frontmatter hooks for `--agent`, `/resume` large-session speedup, MCP stdio concurrent startup |
+| 2.27.0+ | 2.1.117+ | Native bfs/ugrep via Bash (hook audit documented), Opus 4.7 /context fix (estimator already percentage-based), Pro/Max effort default shift (advisory delta documented), agent frontmatter `mcpServers` for `--agent`, subagent model-mismatch malware-warning fix, managed-settings plugin marketplace enforcement |
 
 ### Environment Variables (2.1.19+)
 
@@ -439,6 +441,44 @@ await cancelTask('wf-123', 'superseded', false);
 
 - **Reliability fixes (all automatic after upgrade)**: Terminal display tearing in iTerm2+tmux, `@`-file suggestions re-scanning entire project in non-git directories, LSP diagnostics from before an edit appearing after it, tab-completing `/resume` behavior, `/context` grid rendering, `/clear` dropping session name, spurious decompression/network/transient errors in the TUI. Reverted v2.1.110 cap on non-streaming fallback retries (now uncapped again). Fixed Bedrock/Vertex/Foundry 429 retries pointing users at the wrong status page, bare URLs unclickable when wrapped in tool output, feedback surveys appearing back-to-back. WogiFlow sessions benefit from all of these automatically.
 
+### Features in 2.1.116+
+
+- **Agent frontmatter hooks fire for main-thread `--agent` sessions (BUG FIX)**: Previously, hooks declared in an agent frontmatter only fired when the agent ran as a sub-agent. When the same agent was invoked on the main thread via `--agent`, its hooks silently did not fire. **Impact on WogiFlow**: WogiFlow ships several agents under `.workflow/agents/` (logic-adversary, architect, etc.). Users running them via `--agent` previously lost any per-agent hook behavior. Automatic improvement after upgrade — no WogiFlow code change.
+
+- **`/resume` large-session speedup (up to 67% on 40MB+ sessions)**: `/resume` now loads significantly faster on large sessions and handles many dead-fork entries efficiently. **Impact on WogiFlow**: WogiFlow's post-compact state recovery and task-checkpoint resume benefit directly — long bulk sessions (`/wogi-bulk`, `/wogi-bulk-loop`) that accumulate large transcripts restart faster. No code change needed.
+
+- **MCP stdio concurrent startup**: Multiple stdio MCP servers now start concurrently instead of serially, and `resources/templates/list` is deferred to first `@`-mention. **Impact on WogiFlow**: Users with several MCP servers (figma, atlassian, gmail) see faster session startup. Orthogonal to WogiFlow. No action.
+
+- **Sandbox auto-allow honors dangerous-path safety check (SECURITY)**: Sandbox auto-allow rules no longer bypass the dangerous-path safety check when a command targets `/`, `$HOME`, or other critical system directories (e.g. `rm -rf /`, `rmdir $HOME`). **Impact on WogiFlow**: Reinforces `.claude/rules/security/security-patterns.md §6` — destructive commands should be scoped to safe variants, not blanket-wildcarded. WogiFlow's installer-generated permission rules already scope `git reset`, `git restore`, `git clean` away from blanket wildcards (v2.19.0+). No code change needed; this is defense-in-depth for users who hand-edited their settings.
+
+- **Bash tool `gh` rate-limit hint**: Bash tool surfaces a hint when `gh` commands hit GitHub's API rate limit, so agents can back off instead of retrying. **Impact on WogiFlow**: Affects `/wogi-finalize`, `/wogi-review` when they shell out to `gh`. No code change needed — WogiFlow's commands already terminate on CLI errors instead of retry-looping.
+
+- **Other UX fixes**: Thinking spinner shows inline progress, `/config` search matches values, Bash security no longer bypasses dangerous-path check for wildcard-allowed rm/rmdir, `/resume` reports load errors on large files instead of silently showing empty, `/doctor` can open during a response. All automatic. See `.claude/rules/security/security-patterns.md §6` for the permission-rule pattern the sandbox fix reinforces.
+
+### Features in 2.1.117+
+
+- **Native macOS/Linux builds replace Glob and Grep tools with embedded bfs/ugrep via Bash**: On native builds (not npm, not Windows), Claude Code now executes `bfs`/`ugrep` through the Bash tool instead of the separate Glob/Grep tools. **Impact on WogiFlow**:
+  - **Hooks that match on `tool === 'Glob'|'Grep'`**: audited 2026-04-22. All matches are in **allow-list** contexts (`phase-gate.js`, `routing-gate.js`, `manager-boundary-gate.js`, `pre-tool-orchestrator.js` classify Glob/Grep as read-only; `observation-capture.js` logs them). On native builds, search operations arrive as `Bash` — Bash is NOT in those read-only allow-lists, so search calls get the stricter Bash treatment. No bypass, no gate weakening.
+  - **Evidence tracking** (`research-evidence-gate.js`) and **scope enforcement** (`scope-gate.js`) do NOT match on Glob/Grep — unaffected.
+  - **Observation gap (minor)**: `observation-capture.js` no longer logs search patterns from native-build users. Cosmetic — does not affect enforcement.
+  - **WogiFlow scripts do NOT invoke `bfs`/`ugrep` directly** — those binaries are embedded in Claude Code's native build only, not on users' PATH. Invoking them would break npm/Windows users. Existing Node `fs` / `ripgrep` / `git grep` tooling is the cross-platform path. **No code change needed.**
+
+- **Opus 4.7 `/context` fix — was computing against 200K instead of native 1M**: Claude Code 2.1.117 fixed inflated `/context` percentages and premature auto-compaction on Opus 4.7 sessions. **Impact on WogiFlow**: `scripts/flow-context-estimator.js` operates entirely in percentages provided by Claude Code — no hardcoded 200K/1M assumption. Audited 2026-04-22. When Claude Code reports the correct percentage post-upgrade, the estimator consumes it correctly. **No code change needed.** Only env-var-gated branch is `CLAUDE_CODE_DISABLE_1M_CONTEXT` — which correctly tightens thresholds when the user opts out of extended context.
+
+- **Default effort `high` on Opus 4.6/4.7 for Pro/Max subscribers (was `medium`)**: Claude Code raised the session default. **Impact on WogiFlow**: WogiFlow's effort-level advisory table in `.claude/commands/wogi-start.md` is **task-level-scoped** (L2 → `medium` because 1–5 file changes don't need deep reasoning), not a global default. It intentionally differs from Claude Code's new default — documented inline in the table. Users on Pro/Max wanting the CC default everywhere can use `/effort high` at session start.
+
+- **Agent frontmatter `mcpServers` loaded for main-thread `--agent` sessions**: Complements the 2.1.116 hook fix — MCP servers declared in an agent's frontmatter are now loaded when the agent is invoked via `--agent`. **Impact on WogiFlow**: WogiFlow's `.workflow/agents/` personas that depend on MCP tooling now work correctly when invoked on the main thread. No code change needed.
+
+- **Subagent model-mismatch malware-warning fix**: Previously, subagents running on a different model than the main agent incorrectly flagged file reads with a malware warning. **Impact on WogiFlow (HIGH)**: IGR architect + adversary passes routinely run on a DIFFERENT model from the main agent (config: `intentGroundedReasoning.adversaryModel`, `researchReasoningGate.tier3.adversaryModel`). Pre-fix, these sub-agents could see spurious "malware" warnings on normal file reads during critique. Post-fix, IGR sub-agent reads are clean. Automatic improvement. No code change needed.
+
+- **Managed-settings `blockedMarketplaces`/`strictKnownMarketplaces` enforcement on plugin install/update**: Enterprise admins can now block plugin marketplaces, enforced at install, update, refresh, and autoupdate time. **Impact on WogiFlow**: Relevant to `/wogi-register` and plugin-registry routing (`plugin-registry.json`). Users in managed environments may now be blocked from installing plugins WogiFlow's registry references. `/wogi-register` should surface the underlying Claude Code error verbatim (it already does — no code change). Future enhancement: detect a blocked-marketplace error and suggest the admin-controlled alternative.
+
+- **Pro/Max Opus 4.7 `/context` fix — expanded details**: Fixed alongside the percentage fix, Opus 4.7 sessions no longer auto-compact early. Pairs with WogiFlow's smart-compaction thresholds which recalibrated to 0.80 safe / 0.92 emergency under Claude Code 2.1.75+ token accuracy (see `scripts/flow-context-estimator.js:65`).
+
+- **Other notable fixes**: Plain-CLI OAuth sessions now refresh tokens reactively on 401 (no more mid-session "Please run /login"); WebFetch no longer hangs on very large HTML (truncates before conversion); `/login` works when launched with `CLAUDE_CODE_OAUTH_TOKEN` env var and token expires; Windows caches `where.exe` lookups per process; Bedrock `application-inference-profile` + Opus 4.7 with thinking disabled no longer returns 400; MCP `elicitation/create` no longer auto-cancels in print/SDK mode when the server connects mid-turn. All automatic after upgrade.
+
+- **Experimental flag**: `CLAUDE_CODE_FORK_SUBAGENT=1` enables forked subagents on external builds. Not currently consumed by WogiFlow. Tracked as a future enhancement for faster IGR sub-agent spawning.
+
 ### Simple Mode Naming Distinction
 
 Claude Code's `CLAUDE_CODE_SIMPLE` environment variable (which enables a simplified tool set) is **unrelated** to WogiFlow's `loops.simpleMode` (a lightweight task completion loop using string detection). They are separate features that happen to share the word "simple":

package/.claude/docs/phases/01-explore.md

@@ -7,7 +7,8 @@ Instructions for the explore phase of task execution. Loaded on-demand when phas
 1. Read `ready.json`, move task to inProgress
 2. Load task context from `.workflow/changes/*/wf-XXXXXXXX.md`
 3. Check `app-map.md`, `function-map.md`, `api-map.md`, `decisions.md`
-4. Auto-invoke matched skills based on task context
+4. **Generate repo map** (wf-f3707d2f / C1) — auto-generated per task, refreshed per turn: `node scripts/flow-repo-map.js generate --task=<taskId>`. The map surfaces TOUCHED + ADJACENT + SHAPE sections within a bounded token budget (default 16KB ≈ 4K tokens). Config: `repoMap.enabled` (default true), `repoMap.budgetBytes`. Skip if output is empty (no touched files yet).
+5. Auto-invoke matched skills based on task context
 
 ## Step 1.15: Intent Framing Pass (when `config.intentGroundedReasoning.enabled`)
 

package/.claude/docs/phases/03-implement.md

@@ -2,6 +2,10 @@
 
 Instructions for the implementation phase. Loaded on-demand when phase transitions to `coding`.
 
+## Step 2.9: Refresh Repo Map (wf-f3707d2f / C1)
+
+At the start of each coding turn, regenerate the task-aware repo map so TOUCHED / ADJACENT reflect the latest changes: `node scripts/flow-repo-map.js generate --task=<taskId>`. The map stays within `repoMap.budgetBytes` (default 16KB) and surfaces what you just modified + what imports it. Skip if `config.repoMap.enabled === false` or the output is empty.
+
 ## Step 3: Execute Each Scenario (Loop)
 
 **When TDD is NOT active**, use this normal flow. For each acceptance criterion:

package/.claude/docs/phases/04-verify.md

@@ -233,6 +233,51 @@ For EACH acceptance criterion in the spec:
 
 **Minimum: Tier 2 for display criteria, Tier 3 for behavioral criteria.**
 
+#### Skeptical Evaluator (B5 — wf-15175dbc)
+
+**When to use**: every L1+ task at validating phase. Forces three enumeration passes before "done" is allowed: UI fields, API parameters, state keys.
+
+Run:
+```js
+const { buildSkepticalPrompt, parseSkepticalOutput } = require('scripts/flow-skeptical-evaluator');
+const built = buildSkepticalPrompt({ specMarkdown, diffText, changedFiles, commitMessage, taskId });
+// spawn Agent with built.systemPrompt + built.userPrompt
+const result = parseSkepticalOutput(agentResponse, { taskId });
+if (!result.ok) { /* surface blockers + unverifiedClaims to user */ }
+```
+
+The evaluator's built-in pre-checks (BEL grep + spec-bundle grep) are surfaced in the user prompt so the sub-agent is grounded in mechanical data, not vibes. Every finding the evaluator produces must carry `evidenceTier` (0–4) + `confidencePct` (95/85/75) per `.workflow/rubrics/confidence-tiers.md`. Confidence-75 findings auto-flag as `UNVERIFIED`.
+
+Config: `intentGroundedReasoning.skepticalEvaluator.enabled` (default true).
+
+#### Spec-String Bundle Grep (B4 — wf-07046456)
+
+**When to use**: every L1+ task at Tier-3 verification. Extracts the "string bundle" from the spec (backtick IDs, quoted strings, file paths, constants, route paths) and greps each against the diff + changed files + built bundle.
+
+Run: `const { extractSpecStrings, verifySpecBundleCoverage, formatSpecBundleResult } = require('scripts/flow-completion-truth-gate');`
+
+Per-category coverage thresholds (defaults):
+- File paths: 100% (every file the spec names must appear in the diff)
+- Route paths: 100%
+- Constants: 80%
+- Backtick IDs: 80%
+- Quoted strings: 70% (allows for paraphrasing of error messages that were prototypes)
+
+Report the diff: any category below threshold surfaces the missing strings. The user either adds the missing implementation or updates the spec.
+
+#### DOM Field Inventory Snapshot (B3 — wf-f9431ef6)
+
+**When to use**: Any task that modifies a form, filter, wizard step, settings panel, or other UI surface containing `<input>`, `<select>`, `<textarea>`, or custom input components.
+
+Follow the protocol in `.workflow/templates/tier3-dom-field-inventory.md`:
+
+1. **Before**: snapshot the field inventory (name, label, type, default, required, validation, visibility) → `.workflow/verifications/<taskId>/dom-inventory-before.md`
+2. **After**: re-snapshot with the new code → `.workflow/verifications/<taskId>/dom-inventory-after.md`
+3. **Diff**: classify each field as preserved / modified / vanished / added → `.workflow/verifications/<taskId>/dom-diff.md`
+4. **Reconcile** against the task spec — any vanished/modified/added field that isn't named in an AC must be surfaced to the user before proceeding.
+
+This catches "silent field vanishing" bugs (see `feedback-patterns.md`) that lint + typecheck + smoke-test all miss because the missing field has no consumer in the critical path.
+
 #### Verification Method Selection
 
 Run: `node node_modules/wogiflow/scripts/flow-runtime-verification.js method`

package/.claude/rules/README.md

@@ -0,0 +1,36 @@
+# Auto-Generated Rules
+
+This directory is auto-generated from `.workflow/state/decisions.md`.
+
+**DO NOT EDIT THESE FILES DIRECTLY.**
+
+Edit `decisions.md` instead, then run:
+```bash
+node scripts/flow-rules-sync.js
+```
+
+Or rules will auto-sync when decisions.md is updated.
+
+## How It Works
+
+- Each section in decisions.md becomes a separate rule file
+- Rules are path-scoped based on section keywords (e.g., "component" rules only load for component files)
+- Claude Code automatically loads these rules for context-aware guidance
+
+## Rule Types
+
+Rules have `alwaysApply` frontmatter that determines loading behavior:
+
+- **`alwaysApply: true`** - Always loaded (rules with: general, always, project, naming, coding, standard, convention, must, never, critical, security in title)
+- **`alwaysApply: false`** - Agent-requested: Claude decides whether to load based on description relevance to current task
+
+This saves tokens by not loading React rules when working on backend code, etc.
+
+## Files
+
+- dual-repo-architecture-2026-02-28.md
+- github-release-workflow-2026-01-30.md
+- alternative-short-name.md
+- alternative-hand-edit-ready-json-to-register-orpha.md
+
+Last synced: 2026-04-24T06:42:44.238Z

package/.claude/rules/_internal/worker-tool-first-turn.md

@@ -0,0 +1,82 @@
+---
+alwaysApply: false
+description: "Worker tool-first-turn contract — workspace worker mode only (WOGI_WORKSPACE_ROOT set, WOGI_REPO_NAME !== 'manager')"
+globs: "scripts/hooks/core/worker-tool-first-gate.js,.workflow/templates/worker-rules.md"
+---
+
+# Worker Tool-First Turn Contract
+
+**Applies to**: workspace worker mode (`WOGI_WORKSPACE_ROOT` set + `WOGI_REPO_NAME !== 'manager'`).
+
+**Rule**: Every worker turn that follows a `UserPromptSubmit` (channel dispatch from the manager) MUST contain at least one tool call. In **strict mode** (default), the first assistant content block MUST be a tool call, not text.
+
+## Three violations enforced as one rule
+
+The Stop hook detects three distinct violations and labels all of them under the unified rule name `worker-tool-first-turn`:
+
+| Gate | Violation | Detection |
+|------|-----------|-----------|
+| **G1** | `silent-halt` | Zero `tool_use` blocks across the entire turn (pure-text response). |
+| **G4** | `text-before-tool-call` | First assistant content block is `text`, not `tool_use`. Strict mode only. |
+| **G6** | documented contract | The named rule referenced in block messages so the worker sees one coherent contract, not three independent gates. |
+
+## Why the contract exists
+
+Workers communicate with the manager via tool calls:
+- Channel dispatches (`curl` POST to the manager port)
+- File edits (`Edit`, `Write`)
+- Test runs (`Bash`)
+- Structured `## Results` payloads posted back to the manager channel
+
+A pure-text response from a worker is **invisible to the user** — the user only sees the manager terminal. Worker text disappears into the transcript with no downstream consumer. It also disqualifies the worker from the three-state end-of-turn contract (`ACTION` | `ESCALATION` | `IDLE`) documented in CLAUDE.md under "Workspace Autonomous-Mode Action-After-Completion Contract".
+
+## Allowed turn shapes (pass)
+
+- Pure action: `tool_use` → `tool_use` → end
+- Action with narration after: `tool_use` → `text` → `tool_use` → end
+- Escalation: `tool_use` (channel dispatch of `## QUESTION:`) → end
+- Reply: `tool_use` (channel dispatch of `## Results:`) → end
+- Idle (pre-user-message): zero assistant blocks — not gated since no dispatch happened
+
+## Blocked turn shapes (fail)
+
+- **G1**: `text` → end (no tool_use anywhere in turn)
+- **G4**: `text` → `tool_use` → end (strict mode: first block must be tool_use)
+
+## Configuration
+
+`.workflow/config.json → workspace.toolFirstTurnGate`:
+
+```json
+{
+  "enabled": true,
+  "strict": true
+}
+```
+
+- `enabled: false` — disables the gate entirely (silent-halt + text-first both allowed).
+- `strict: false` — G1 still enforced (zero-tool-call blocked), G4 relaxed (text-first allowed as long as a tool_use eventually fires).
+
+Default is `enabled: true, strict: true` — maximum worker discipline.
+
+## Fail-open behavior
+
+The gate fails open on:
+- Missing transcript path
+- Unreadable / malformed transcript file
+- Config read errors
+- Any unexpected exception
+
+Rationale: a silent-halt false-negative is recoverable (the worker will be retried on the next manager cycle via the dispatch-tracking overdue check). A false-positive block on every turn would make the worker unusable — unrecoverable without a code deploy.
+
+## Related gates (same epic, same integration point)
+
+- **Existing — "Gap B" (v2.20.0)**: blocks end-of-turn when queued dispatches exist but no task is in-progress. Complements this gate — Gap B runs at the queue boundary; tool-first runs at every turn.
+- **Existing — AI Worker Question Classifier (v2.21.0)**: Haiku classifier detects when a worker ends with a user-facing question. Complements this gate — question classifier is semantic; tool-first is structural.
+- **Existing — Worker Boundary Gate**: blocks `AskUserQuestion` in worker mode. Complements this gate — boundary gate blocks a specific tool; tool-first requires any tool.
+
+## Enforcement
+
+- Core logic: `scripts/hooks/core/worker-tool-first-gate.js`
+- Wired into: `scripts/hooks/entry/claude-code/stop.js` (after Gap B, before AI question classifier)
+- Template updated: `.workflow/templates/worker-rules.md` carries the contract verbatim so workers see it in every system prompt.

package/.claude/rules/alternative-execpolicy-toml-command-policy.md

@@ -0,0 +1,11 @@
+---
+alwaysApply: false
+description: "Alternative: execpolicy-style TOML Bash allow/deny policy layer - Rejected: 2026-04-24"
+---
+
+# Alternative: execpolicy-style TOML Bash allow/deny policy layer
+
+**Rejected**: 2026-04-24
+**Reason**: The spec framed WogiFlow as owner of Bash allow/deny wildcards. It isn't — `.claude/settings.local.json → permissions.{allow,deny,ask}` are enforced by Claude Code *before* any WogiFlow hook runs, and Claude Code already supports all three modes natively (see `.claude/rules/security/security-patterns.md` §6). WogiFlow's PreToolUse Bash gates (`git-safety-gate`, `deploy-gate`, `strike-gate`, `scope-mutation-gate`, `commit-log-gate`) are content-aware — not wildcard lists — so there is nothing for a TOML allowlist to "replace." Implementing the spec as written would duplicate Claude Code's native permission system with a strictly worse version (no UI integration, no session-scope memory, no settings-source hierarchy).
+**Chose instead**: Lean on Claude Code's native `permissions.{allow,deny,ask}` for allow/deny semantics. The only genuinely-additive piece of the D2 spec — **per-phase command overlay** (AC3) — should be re-specced as a small feature that reads phase-scoped overrides from `.workflow/config.json` and augments the existing `pre-tool-orchestrator.js`, if the need resurfaces from a real incident. Don't build it speculatively.
+**Source**: wf-ac2a8074 scope-confidence audit (user chose option A: drop the story entirely)

package/.claude/rules/alternative-hand-edit-ready-json-to-register-orpha.md

@@ -0,0 +1,11 @@
+---
+alwaysApply: false
+description: "Alternative: Hand-edit ready.json to register orphaned specs - Rejected: 2026-04-15"
+---
+
+# Alternative: Hand-edit ready.json to register orphaned specs
+
+**Rejected**: 2026-04-15
+**Reason**: CLAUDE.md memory-hierarchy rule forbids hand-editing `.workflow/state/` files to create tasks. Doing so bypasses routing telemetry and breaks the bypass-counter signal that surfaces actual workflow gaps.
+**Chose instead**: One-off script using `flow-utils` `getReadyData` / `saveReadyData` API. The script is self-documenting (kept in `.workflow/scratch/` for the auto-cleanup pass) and uses the same write path the runtime uses.
+**Source**: wf-a3cc5f2a session, state-sync between progress.md and ready.json after epic-episodic-memory wave.

package/.claude/rules/alternative-permission-ruleset-per-phase.md

@@ -0,0 +1,11 @@
+---
+alwaysApply: false
+description: "Alternative: Permission-ruleset-per-phase via WogiFlow hooks - Rejected: 2026-04-24"
+---
+
+# Alternative: Permission-ruleset-per-phase via WogiFlow hooks
+
+**Rejected**: 2026-04-24
+**Reason**: Same root cause as wf-ac2a8074 (D2). `.claude/settings.json → permissions.{allow,deny,ask}` is Claude Code's permission system, enforced by Claude Code itself before any WogiFlow hook fires. Making it phase-aware would require Claude Code to be phase-aware — out of WogiFlow's scope. WogiFlow's PreToolUse gates are content-aware (`git-safety-gate`, `scope-mutation-gate`, etc.), not wildcard permission lists, so there's nothing to "phase-scope" at this layer either.
+**Chose instead**: If real per-phase restrictions surface as a need from incident data, extend `pre-tool-orchestrator.js` with phase-scoped content-aware checks (e.g., "block `rm -rf` during validating phase"). Build that narrow thing from a real incident, not speculative per-phase rulesets.
+**Source**: wf-c6c75841 scope-confidence batch audit (user chose "drop H2" as part of the 1+2+3 combination)

package/.claude/rules/alternative-short-name.md

@@ -0,0 +1,12 @@
+---
+alwaysApply: false
+description: "Alternative: <short name> - Rejected: <YYYY-MM-DD>"
+---
+
+# Alternative: <short name>
+
+**Rejected**: <YYYY-MM-DD>
+**Reason**: <why we said no — be specific>
+**Chose instead**: <what we did instead, and where it lives>
+**Source**: <task ID, audit, or session that produced this decision>
+-->

package/.claude/rules/alternative-wogi-flow-as-mcp-client-oauth-manager.md

@@ -0,0 +1,11 @@
+---
+alwaysApply: false
+description: "Alternative: WogiFlow-as-MCP-client OAuth manager - Rejected: 2026-04-24"
+---
+
+# Alternative: WogiFlow-as-MCP-client OAuth manager (Cline McpHub pattern)
+
+**Rejected**: 2026-04-24
+**Reason**: WogiFlow is a workflow layer that runs *inside* a Claude Code session — it is not an MCP client. No `@modelcontextprotocol/sdk` dependency, no transport/stdio/server-connect code; existing `scripts/flow-mcp-*` scripts only *discover* capabilities Claude Code already exposes (`ToolSearch`, `ListMcpResourcesTool`). Cline's `McpHub` works because Cline owns the MCP client lifecycle. In our stack, Claude Code owns it — by the time a WogiFlow SessionStart hook fires, Claude Code has already loaded (or declined to load) its MCP servers, so "reconnect at session start" has no connection object to attach tokens to.
+**Chose instead**: Rely on Claude Code 2.1+ native MCP OAuth. If a future WogiFlow-as-standalone-agent runtime hosts its own MCP clients, revisit then with a fresh spec grounded in that runtime's lifecycle.
+**Source**: wf-8e97ac77 scope-confidence audit (user chose option C: drop the story entirely)