wogiflow 2.26.2 → 2.29.1

package/scripts/hooks/core/session-end-skill-proposals.js

@@ -0,0 +1,58 @@
+'use strict';
+
+/**
+ * Wogi Flow — Session End: Skill Proposal Surfacing
+ *
+ * Reads pending skill proposals staged by `flow skill propose|patch|remove`
+ * and returns a structured summary for the session-end adapter to display.
+ *
+ * Agent-proposed changes do NOT auto-apply. The user reviews at session-end
+ * and runs `flow skill promote <name>` / `flow skill reject <name>`.
+ */
+
+const store = require('../../../lib/skill-proposal-store');
+
+function summarizePendingProposals() {
+  let pending;
+  try {
+    pending = store.listProposals({ status: 'pending' });
+  } catch (_err) {
+    return null;
+  }
+  if (!pending || pending.length === 0) return null;
+
+  const byAction = { propose: 0, patch: 0, remove: 0 };
+  const lines = [];
+  for (const p of pending) {
+    byAction[p.action] = (byAction[p.action] || 0) + 1;
+    const icon = p.action === 'propose' ? '+' : p.action === 'patch' ? '~' : '-';
+    const rationale = p.rationale ? ` — ${p.rationale}` : '';
+    lines.push(`  ${icon} ${p.skillName} (${p.action}, ${p.id})${rationale}`);
+  }
+
+  return {
+    count: pending.length,
+    byAction,
+    proposals: pending,
+    lines,
+    message: formatMessage(pending.length, byAction, lines),
+  };
+}
+
+function formatMessage(count, byAction, lines) {
+  const plural = count !== 1 ? 's' : '';
+  const breakdown = Object.entries(byAction)
+    .filter(([, n]) => n > 0)
+    .map(([a, n]) => `${n} ${a}`)
+    .join(', ');
+  return [
+    `${count} pending skill proposal${plural} (${breakdown}):`,
+    ...lines,
+    '',
+    'Review with: flow skill pending',
+    'Approve:     flow skill promote <name>',
+    'Discard:     flow skill reject <name>',
+  ].join('\n');
+}
+
+module.exports = { summarizePendingProposals };

package/scripts/hooks/core/session-end.js

@@ -68,6 +68,31 @@ function handleSessionEnd(input) {
       result.logged = false;
     }
 
+    // Surface pending skill proposals staged by `flow skill propose|patch|remove`.
+    // These await user approval (`flow skill promote|reject`) at session end.
+    try {
+      const { summarizePendingProposals } = require('./session-end-skill-proposals');
+      const summary = summarizePendingProposals();
+      if (summary) {
+        result.pendingSkillProposals = summary;
+      }
+    } catch (_err) {
+      // Non-critical — never block session end
+    }
+
+    // Surface pending IGR-artifact memory proposals staged by `flow memory
+    // propose`. These await user approval (`flow memory approve|reject`) at
+    // session end. Story: wf-4434851f.
+    try {
+      const { summarizePendingMemoryProposals } = require('./session-end-memory-proposals');
+      const summary = summarizePendingMemoryProposals();
+      if (summary) {
+        result.pendingMemoryProposals = summary;
+      }
+    } catch (_err) {
+      // Non-critical — never block session end
+    }
+
     // Scratch directory cleanup — remove temp files created during session
     try {
       const fs = require('node:fs');

package/scripts/hooks/core/setup-handler.js

@@ -45,7 +45,7 @@ function getSetupConfig() {
  * @returns {Object} Result: { needsSetup, message, action, context }
  */
 function handleSetup(options = {}) {
-  const { trigger = 'init' } = options;
+  const { _trigger = 'init' } = options;
 
   if (!isSetupEnabled()) {
     return {

package/scripts/hooks/core/task-boundary-reset.js

@@ -51,6 +51,7 @@ const { safeJsonParse } = require('../../flow-io');
 
 const PENDING_MARKER_FILE = 'task-just-completed';
 const LAST_TRIGGERED_FILE = 'task-boundary-last-triggered';
+const CLEAN_COMPLETION_MARKER_FILE = 'task-boundary-clean-completion.json';
 // Window during which a recentlyCompleted[0] entry is considered "fresh
 // enough" to retro-mark Phase 1 from the Stop hook. Large enough to cover
 // a slow quality-gate run; small enough that a session opened hours later
@@ -69,6 +70,56 @@ function getLastTriggeredPath() {
   return path.join(PATHS.state, LAST_TRIGGERED_FILE);
 }
 
+function getCleanCompletionMarkerPath() {
+  return path.join(PATHS.state, CLEAN_COMPLETION_MARKER_FILE);
+}
+
+/**
+ * Write the clean-completion marker when Phase 2 successfully restarts after a
+ * cleanly-completed task. The next session's SessionStart hook reads this
+ * marker to decide whether to inject an AUTO-PICKUP block (wf-f267ea2a).
+ *
+ * Best-effort — failure here does NOT abort the restart; auto-pickup just
+ * won't fire for this restart.
+ */
+function writeCleanCompletionMarker(taskId, taskTitle, options = {}) {
+  // Durable write (Story E / wf-e28b6cd8 — Blocker M2 fix).
+  //
+  // Original failure mode: writeFileSync schedules the data; the kernel buffers
+  // it; SIGTERM is dispatched; the process exits before the buffer reaches
+  // disk. The restarted session sees no marker → cascade silently fails.
+  //
+  // Fix: write to a tmp file, fsync the FILE, atomic-rename to final, fsync
+  // the DIRECTORY. The directory fsync is what guarantees the rename itself
+  // is durable across the SIGTERM/relaunch boundary.
+  try {
+    const p = getCleanCompletionMarkerPath();
+    const dir = path.dirname(p);
+    fs.mkdirSync(dir, { recursive: true });
+    const payload = {
+      version: 1,
+      completedTaskId: taskId || null,
+      completedTaskTitle: taskTitle || null,
+      completedAt: new Date().toISOString(),
+      ...(options.nextTaskId ? { nextTaskId: options.nextTaskId } : {})
+    };
+    const data = JSON.stringify(payload);
+    const tmp = `${p}.tmp.${process.pid}.${Math.random().toString(36).slice(2, 8)}`;
+    const fd = fs.openSync(tmp, 'w');
+    try {
+      fs.writeSync(fd, data);
+      fs.fsyncSync(fd);
+    } finally {
+      fs.closeSync(fd);
+    }
+    fs.renameSync(tmp, p);
+    try {
+      const dfd = fs.openSync(dir, 'r');
+      try { fs.fsyncSync(dfd); } finally { fs.closeSync(dfd); }
+    } catch (_err) { /* directory fsync is best-effort */ }
+  } catch (_err) { /* best effort — auto-pickup just won't fire if this fails */ }
+}
+
 function readLastTriggered() {
   try {
     return safeJsonParse(getLastTriggeredPath(), null);
@@ -155,9 +206,13 @@ function checkPreconditions() {
  * Returns a result object for diagnostics; never throws. If something goes
  * wrong, the Stop hook should continue with its normal flow.
  *
- * @returns {{ triggered: boolean, reason?: string, flagPath?: string, parentPid?: number }}
+ * @param {Object} [opts]
+ * @param {string} [opts.transcriptPath] - Claude Code transcript path, used by
+ *   the main-mode question classifier safety net. When absent, the classifier
+ *   step is skipped (fail-open).
+ * @returns {Promise<{ triggered: boolean, reason?: string, flagPath?: string, parentPid?: number }>}
  */
-function consumeAndTriggerRestart() {
+async function consumeAndTriggerRestart(opts = {}) {
   const markerPath = getPendingMarkerPath();
   if (!fs.existsSync(markerPath)) {
     return { triggered: false, reason: 'no-pending-marker' };
@@ -173,6 +228,42 @@ function consumeAndTriggerRestart() {
     }
   } catch (_err) { /* flow-ask may not be present in older installs; degrade open */ }
 
+  // Main-mode question classifier safety net (wf-191d5f6e). Catches the case
+  // where the AI ends a turn with an open user-facing question but forgot to
+  // call `flow ask` first. On a YES classification, auto-write the
+  // pending-question marker and defer the restart. Fail-open throughout —
+  // any error or skip falls through to normal restart logic.
+  try {
+    const isWorker = process.env.WOGI_WORKSPACE_ROOT &&
+                     process.env.WOGI_REPO_NAME &&
+                     process.env.WOGI_REPO_NAME !== 'manager';
+    if (!isWorker) {
+      const config = getConfig();
+      const clf = config.mainModeQuestionClassifier;
+      const enabled = clf?.enabled !== false;  // default true
+      if (enabled && opts.transcriptPath) {
+        const { classifyQuestion } = require('../../flow-worker-question-classifier');
+        const result = await classifyQuestion({
+          mode: 'main',
+          transcriptPath: opts.transcriptPath,
+          minConfidence: Number.isFinite(clf?.minConfidence) ? clf.minConfidence : 70,
+          model: typeof clf?.model === 'string' ? clf.model : undefined
+        });
+        if (result?.blocked) {
+          try {
+            const { markQuestionPending } = require('../../flow-ask');
+            markQuestionPending(`auto-deferred: ${String(result.reason || 'classifier detected open question').slice(0, 500)}`);
+          } catch (_err) { /* best effort — marker write failure falls through to restart */ }
+          return { triggered: false, reason: 'auto-deferred-question-detected' };
+        }
+      }
+    }
+  } catch (err) {
+    if (process.env.DEBUG) {
+      console.error(`[task-boundary-reset] main-mode classifier error (fail-open): ${err.message}`);
+    }
+  }
+
   const pre = checkPreconditions();
   if (!pre.ready) {
     if (process.env.DEBUG) {
@@ -210,6 +301,13 @@ function consumeAndTriggerRestart() {
     return { triggered: false, reason: `flag-write-failed: ${err.message}` };
   }
 
+  // Write the clean-completion marker so the NEXT session's SessionStart
+  // hook can inject the AUTO-PICKUP block (wf-f267ea2a). This is gated on
+  // config.taskBoundaryReset.autoPickupNextTask in session-context.js — the
+  // marker is always written here when Phase 2 fires (cheap, harmless), and
+  // session-context decides whether to act on it.
+  writeCleanCompletionMarker(markerPayload?.taskId, markerPayload?.taskTitle);
+
   // SIGTERM our parent (claude). The wrapper sees the flag on claude's exit
   // and restarts. If SIGTERM turns out to not shut claude down cleanly in
   // real testing, try SIGHUP or SIGINT as fallbacks (see spec wf-39e9dc09).
@@ -329,6 +427,8 @@ module.exports = {
   checkPreconditions,
   hasPendingMarker,
   getPendingMarkerPath,
+  getCleanCompletionMarkerPath,
+  writeCleanCompletionMarker,
 
   // Back-compat: earlier code calls this name. Route it to Phase 1 so existing
   // wiring in task-completed.js still does the right thing (mark the marker,
@@ -352,8 +452,14 @@ if (require.main === module) {
     process.exit(0);
   }
   if (arg === 'consume') {
-    console.log(JSON.stringify(consumeAndTriggerRestart(), null, 2));
-    process.exit(0);
+    consumeAndTriggerRestart().then((r) => {
+      console.log(JSON.stringify(r, null, 2));
+      process.exit(0);
+    }).catch((err) => {
+      console.error(err.message);
+      process.exit(1);
+    });
+    return;
   }
   console.log('Usage: node task-boundary-reset.js <check|has-pending|mark|consume>');
   process.exit(2);

package/scripts/hooks/core/worker-boundary-gate.js

@@ -99,7 +99,78 @@ function isWorkspaceWorker() {
   return true;
 }
 
+/**
+ * Path-discipline gate (Story B / wf-ab59f0e4 — Phase 4.5).
+ *
+ * Single-writer invariant: workers NEVER write into the workspace-manager
+ * tree (`<workspace>/.workspace/**`); the manager NEVER writes into worker
+ * member-repo `.workflow/state/**` paths. Cross-process state coordination
+ * happens exclusively via the channel-dispatch HTTP bus.
+ *
+ * Without this check, a confused worker (or hostile prompt-injection
+ * payload that talked the worker into editing manager state) could corrupt
+ * `dispatched-tasks.json` for ALL workers in the workspace. The check
+ * fails LOUD (block + clear error) so the boundary violation is impossible
+ * to ignore — silent corruption is the worst-case alternative.
+ *
+ * Returns the same `{ blocked, reason?, message? }` shape as
+ * `checkWorkerBoundary` so the caller can compose the two checks.
+ *
+ * @param {string} toolName
+ * @param {Object} toolInput - { file_path } for Edit/Write
+ * @returns {{ blocked: boolean, reason?: string, message?: string }}
+ */
+function checkPathDiscipline(toolName, toolInput) {
+  if (!process.env.WOGI_WORKSPACE_ROOT) return { blocked: false };
+  const writeTools = new Set(['Edit', 'Write', 'NotebookEdit']);
+  if (!writeTools.has(toolName)) return { blocked: false };
+  const filePath = toolInput && (toolInput.file_path || toolInput.notebook_path);
+  if (typeof filePath !== 'string' || !filePath) return { blocked: false };
+
+  const repo = process.env.WOGI_REPO_NAME || '';
+  const root = process.env.WOGI_WORKSPACE_ROOT;
+  const managerStateDir = `${root.replace(/\/+$/, '')}/.workspace/`;
+  const memberStateDirRegex = /\/members?\/[^/]+\/\.workflow\/state\//;
+
+  if (repo && repo !== 'manager') {
+    if (filePath.startsWith(managerStateDir)) {
+      return {
+        blocked: true,
+        reason: 'path-discipline-worker',
+        message: [
+          `PATH DISCIPLINE: workers MUST NOT write to manager-owned files.`,
+          ``,
+          `Blocked: ${filePath}`,
+          ``,
+          `${managerStateDir}** is owned by the manager process.`,
+          `Use the channel-dispatch HTTP bus to communicate with the manager;`,
+          `never edit shared workspace state directly. See Story B (wf-ab59f0e4)`,
+          `Phase 4.5 in .workflow/changes/wf-ab59f0e4.md.`
+        ].join('\n')
+      };
+    }
+  }
+
+  if (repo === 'manager' && memberStateDirRegex.test(filePath)) {
+    return {
+      blocked: true,
+      reason: 'path-discipline-manager',
+      message: [
+        `PATH DISCIPLINE: manager MUST NOT write to worker member-repo state.`,
+        ``,
+        `Blocked: ${filePath}`,
+        ``,
+        `Worker member-repos own their own .workflow/state/. Send a channel`,
+        `dispatch to the worker if state changes are needed there.`
+      ].join('\n')
+    };
+  }
+
+  return { blocked: false };
+}
+
 module.exports = {
   checkWorkerBoundary,
+  checkPathDiscipline,
   isWorkspaceWorker
 };

package/scripts/hooks/core/worker-tool-first-gate.js

@@ -0,0 +1,275 @@
+'use strict';
+
+/**
+ * Worker Tool-First Turn Gate — G1 + G4 + G6 (epic wf-34290000, Workstream G)
+ *
+ * In workspace worker mode, every turn that follows a UserPromptSubmit
+ * (channel dispatch from the manager) MUST contain at least one tool call,
+ * and — in strict mode — the first assistant content block MUST be a tool
+ * call, not text.
+ *
+ * Why this exists
+ * ----------------
+ * Workers communicate with the manager via tool calls (channel dispatches,
+ * file edits, test runs) and structured `## Results` payloads. A pure-text
+ * response from a worker is invisible to the user (who only sees the manager
+ * terminal) and disqualifies the worker from the three-state end-of-turn
+ * contract (ACTION | ESCALATION | IDLE — see CLAUDE.md rule "Workspace
+ * Autonomous-Mode Action-After-Completion Contract").
+ *
+ * Three violations this gate detects
+ * ----------------------------------
+ *   G1 — silent halt:            zero tool_use blocks in the turn
+ *   G4 — text-before-tool-call:  first content block is text, not tool_use
+ *                                (strict mode only)
+ *   G6 — documented contract:    the named "worker-tool-first-turn" rule
+ *                                referenced in block messages, so the worker
+ *                                sees one coherent contract, not three gates.
+ *
+ * Fail-open throughout: missing transcript, parse errors, config errors all
+ * return `{ blocked: false }`. Silent-halt false-negatives are recoverable;
+ * blocking legitimate stops on a gate bug is not.
+ *
+ * Scope: worker mode only. Main-mode (non-workspace) turns are unaffected —
+ * the caller must gate on `isWorkerMode()` before invoking this check.
+ */
+
+const fs = require('node:fs');
+
+const MAX_TRANSCRIPT_BYTES = 4 * 1024 * 1024;  // 4MB cap — large transcripts read last-N lines only
+
+/**
+ * Inspect the current turn in a worker transcript and determine whether it
+ * violates the tool-first contract.
+ *
+ * @param {Object} opts
+ * @param {string} opts.transcriptPath - absolute path to Claude Code JSONL transcript
+ * @param {boolean} [opts.strict=true]  - when true, also flag text-before-tool-call
+ * @returns {{ blocked: boolean, reason?: string, violation?: 'silent-halt'|'text-before-tool-call', ruleId?: string }}
+ */
+function checkWorkerToolFirstTurn(opts) {
+  const { transcriptPath, strict = true } = opts || {};
+  if (!transcriptPath || typeof transcriptPath !== 'string') {
+    return { blocked: false, reason: 'no-transcript-path' };
+  }
+
+  const events = readTranscript(transcriptPath);
+  if (!events) {
+    return { blocked: false, reason: 'transcript-unreadable' };
+  }
+
+  const turn = extractCurrentTurn(events);
+  if (!turn) {
+    return { blocked: false, reason: 'no-current-turn' };
+  }
+
+  // G1 — zero tool_use blocks across the entire turn.
+  if (turn.toolUseCount === 0) {
+    return {
+      blocked: true,
+      violation: 'silent-halt',
+      ruleId: 'worker-tool-first-turn',
+      reason: 'worker turn after UserPromptSubmit had zero tool calls (silent-halt / text-only response)'
+    };
+  }
+
+  // G4 — first content block is text, not tool_use (strict mode only).
+  if (strict && turn.firstBlockType === 'text') {
+    return {
+      blocked: true,
+      violation: 'text-before-tool-call',
+      ruleId: 'worker-tool-first-turn',
+      reason: 'worker turn began with a text block before any tool call (text-before-tool-call)'
+    };
+  }
+
+  return { blocked: false };
+}
+
+/**
+ * Read a JSONL transcript and return parsed event objects. Large transcripts
+ * are truncated to the last MAX_TRANSCRIPT_BYTES by reading the file size
+ * and, if oversized, reading only the tail. This bounds per-Stop overhead.
+ *
+ * Returns null on any IO failure (fail-open signal to the caller).
+ */
+function readTranscript(p) {
+  let raw;
+  try {
+    const stat = fs.statSync(p);
+    if (stat.size > MAX_TRANSCRIPT_BYTES) {
+      // Read the last MAX_TRANSCRIPT_BYTES — the first partial line will be
+      // dropped by JSON.parse failure (we skip unparseable lines).
+      const fd = fs.openSync(p, 'r');
+      try {
+        const buf = Buffer.alloc(MAX_TRANSCRIPT_BYTES);
+        fs.readSync(fd, buf, 0, MAX_TRANSCRIPT_BYTES, stat.size - MAX_TRANSCRIPT_BYTES);
+        raw = buf.toString('utf-8');
+      } finally {
+        fs.closeSync(fd);
+      }
+    } else {
+      raw = fs.readFileSync(p, 'utf-8');
+    }
+  } catch (_err) {
+    return null;
+  }
+  if (!raw) return [];
+
+  const events = [];
+  const lines = raw.split('\n');
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (!trimmed) continue;
+    try {
+      events.push(JSON.parse(trimmed));
+    } catch (_err) {
+      // Unparseable line (likely the truncated first line when we tailed the
+      // file, or a mid-write line) — skip.
+    }
+  }
+  return events;
+}
+
+/**
+ * From a list of transcript events, isolate the current turn: everything
+ * AFTER the most recent user message. Returns turn-level summary:
+ *
+ *   {
+ *     toolUseCount: number,      // total tool_use blocks in the turn
+ *     firstBlockType: 'text'|'tool_use'|null,  // first assistant block type
+ *     assistantEventCount: number
+ *   }
+ *
+ * Returns null if no user message is found (pre-dispatch — not a worker turn
+ * we should gate).
+ */
+function extractCurrentTurn(events) {
+  if (!Array.isArray(events) || events.length === 0) return null;
+
+  // Find the last user message index. Scan from end.
+  let lastUserIdx = -1;
+  for (let i = events.length - 1; i >= 0; i--) {
+    if (isUserEvent(events[i])) {
+      lastUserIdx = i;
+      break;
+    }
+  }
+  if (lastUserIdx === -1) return null;
+
+  // Collect assistant blocks after the last user message, in order.
+  let toolUseCount = 0;
+  let firstBlockType = null;
+  let assistantEventCount = 0;
+
+  for (let i = lastUserIdx + 1; i < events.length; i++) {
+    const entry = events[i];
+    if (!isAssistantEvent(entry)) continue;
+    assistantEventCount++;
+    const blocks = extractContentBlocks(entry);
+    for (const block of blocks) {
+      if (!block || typeof block !== 'object') continue;
+      const t = block.type;
+      if (!firstBlockType && (t === 'text' || t === 'tool_use')) {
+        firstBlockType = t;
+      }
+      if (t === 'tool_use') {
+        toolUseCount++;
+      }
+    }
+  }
+
+  return { toolUseCount, firstBlockType, assistantEventCount };
+}
+
+function isUserEvent(entry) {
+  if (!entry || typeof entry !== 'object') return false;
+  return (
+    entry.role === 'user' ||
+    entry.type === 'user' ||
+    (entry.message && entry.message.role === 'user')
+  );
+}
+
+function isAssistantEvent(entry) {
+  if (!entry || typeof entry !== 'object') return false;
+  return (
+    entry.role === 'assistant' ||
+    entry.type === 'assistant' ||
+    (entry.message && entry.message.role === 'assistant')
+  );
+}
+
+/**
+ * Extract the content-blocks array from a transcript event. Claude Code's
+ * transcript format has evolved, so accept any of:
+ *   { content: [ {...} ] }
+ *   { message: { content: [ {...} ] } }
+ *   { content: 'string' }       → [{ type: 'text', text: 'string' }]
+ *   { message: { content: '...' } } same
+ */
+function extractContentBlocks(entry) {
+  const content = entry.content ?? entry.message?.content;
+  if (typeof content === 'string') {
+    return [{ type: 'text', text: content }];
+  }
+  if (Array.isArray(content)) {
+    return content;
+  }
+  return [];
+}
+
+/**
+ * Render the standard block message the Stop hook returns when a violation
+ * is detected. Centralised so G6 (contract name) stays consistent across
+ * violations.
+ */
+function renderBlockMessage({ violation, reason }) {
+  const port = process.env.WOGI_MANAGER_PORT || '8800';
+  const repo = process.env.WOGI_REPO_NAME || '<worker>';
+  const head = violation === 'text-before-tool-call'
+    ? 'WORKER CONTRACT VIOLATION: text-before-tool-call'
+    : 'WORKER CONTRACT VIOLATION: silent-halt (zero tool calls)';
+  return [
+    head,
+    '',
+    `Rule: worker-tool-first-turn`,
+    `Why: ${reason}`,
+    '',
+    'The worker start-of-turn contract requires every turn after a UserPromptSubmit to',
+    'have at least one tool call, with the first content block being a tool call in',
+    'strict mode. Pure-text responses are invisible to the user and disqualify the',
+    'three-state end-of-turn contract (ACTION | ESCALATION | IDLE).',
+    '',
+    'Do ONE of these NOW:',
+    '  (a) ACTION — invoke the tool you intended to use',
+    '  (b) ESCALATE — channel-dispatch a "## QUESTION:" to the manager:',
+    `      curl -s -X POST http://127.0.0.1:${port} \\`,
+    `        -H "X-Wogi-From: ${repo}" \\`,
+    `        --data-binary "## QUESTION: <your question>"`,
+    '  (c) REPLY with ## Results — channel-dispatch the structured task reply to manager',
+    '',
+    'Then end the turn.'
+  ].join('\n');
+}
+
+/**
+ * Convenience: determine worker mode from env. Exported so callers don\'t
+ * have to duplicate the env-check pattern.
+ */
+function isWorkerMode() {
+  return Boolean(
+    process.env.WOGI_WORKSPACE_ROOT &&
+    process.env.WOGI_REPO_NAME &&
+    process.env.WOGI_REPO_NAME !== 'manager'
+  );
+}
+
+module.exports = {
+  checkWorkerToolFirstTurn,
+  renderBlockMessage,
+  isWorkerMode,
+  // Exported for tests
+  extractCurrentTurn,
+  readTranscript
+};

package/scripts/hooks/entry/claude-code/post-tool-use.js

@@ -11,7 +11,7 @@
  */
 
 const { runValidation } = require('../../core/validation');
-const { captureObservation } = require('../../core/observation-capture');
+const { captureObservation, selectDuration } = require('../../core/observation-capture');
 const { runHook } = require('../shared/hook-runner');
 
 function extractErrorMessage(toolResponse) {
@@ -47,7 +47,7 @@ runHook('PostToolUse', async ({ parsedInput }) => {
       toolName,
       toolInput,
       toolResponse,
-      duration: Date.now() - startTime,
+      duration: selectDuration(parsedInput, Date.now() - startTime),
       explorationStatus: toolFailed ? 'rejected' : undefined,
       rejectionReason: toolFailed ? extractErrorMessage(toolResponse) : undefined
     });

package/scripts/hooks/entry/claude-code/pre-tool-use.js

@@ -63,7 +63,12 @@ try { checkGitSafety = require('../../core/git-safety-gate').checkGitSafety; } c
 let checkManagerBoundary = _noop;
 try { checkManagerBoundary = require('../../core/manager-boundary-gate').checkManagerBoundary; } catch (_err) { if (process.env.DEBUG) console.error(`[Hook] Manager boundary gate not loaded: ${_err.message}`); }
 let checkWorkerBoundary = _noop;
-try { checkWorkerBoundary = require('../../core/worker-boundary-gate').checkWorkerBoundary; } catch (_err) { if (process.env.DEBUG) console.error(`[Hook] Worker boundary gate not loaded: ${_err.message}`); }
+let checkPathDiscipline = _noop;
+try {
+  const wbg = require('../../core/worker-boundary-gate');
+  checkWorkerBoundary = wbg.checkWorkerBoundary;
+  checkPathDiscipline = wbg.checkPathDiscipline;
+} catch (_err) { if (process.env.DEBUG) console.error(`[Hook] Worker boundary gate not loaded: ${_err.message}`); }
 
 const { claudeCodeAdapter } = require('../../adapters/claude-code');
 const { markSkillPending } = require('../../../flow-durable-session');
@@ -101,7 +106,7 @@ runHook('PreToolUse', async ({ input, parsedInput }) => {
     recordEvidenceRead, checkSpecWriteGate, clearResearchEvidence,
     checkDeployGate, checkWriteBlock,
     checkStrikeGate, checkBugfixScope, checkScopeMutation,
-    checkGitSafety, checkManagerBoundary, checkWorkerBoundary,
+    checkGitSafety, checkManagerBoundary, checkWorkerBoundary, checkPathDiscipline,
     // Side-effect helpers
     markSkillPending,
     // Config + runtime