wogiflow 2.29.0 → 2.29.1

package/lib/wogi-claude

@@ -107,13 +107,78 @@ if [ "$__wogi_is_worker" -eq 1 ]; then
   fi
 fi
 
-# Resolve the empty-MCP config used for stripping. Persistent path so we don't
-# regenerate a tmpfile on every restart; living in .workflow/state/ keeps it
-# alongside other worker state.
+# Resolve the channel-only MCP config used for stripping. Persistent path
+# so we don't regenerate on every restart; living in .workflow/state/ keeps
+# it alongside other worker state.
+#
+# IMPORTANT — REGRESSION FIX (audit-channel-transport-001):
+#
+# The original Story A (wf-8294d960) wrote `{"mcpServers":{}}` — fully
+# empty — under the (unverified) assumption that workers don't need any
+# MCP servers in worker mode. That assumption was WRONG: it stripped
+# `wogi-workspace-channel` which IS the transport that the manager uses
+# to dispatch tasks to workers via `workspace_send_message` (the manager
+# HTTP-POSTs to the worker's channel-server port; with no MCP server,
+# there's no listener, so dispatches silently fail with "connection
+# refused"). Tier-3 evidence (end-to-end manager→worker dispatch) was
+# never collected; only boot-latency was measured. Story B
+# (wf-ab59f0e4) layered COMPLETION-SUMMARY routing on top of this
+# broken transport without auditing the dependency.
+#
+# The proper fix: extract ONLY the `wogi-workspace-channel` entry from
+# the worker's real `.mcp.json` and write a channel-only config. This
+# preserves Story A's boot-speed win (claude.ai MCP integrations stay
+# stripped) while keeping the workspace transport active. If the
+# worker's `.mcp.json` doesn't define `wogi-workspace-channel` (e.g.
+# this is not a workspace member), fall back to the empty MCP config
+# (the strip is harmless in non-workspace contexts).
 __wogi_empty_mcp_config=""
 if [ "$__wogi_strip_mcp" -eq 1 ]; then
-  __wogi_empty_mcp_config="${WOGI_WORKSPACE_ROOT:-$(pwd)}/.workflow/state/worker-empty-mcp.json"
-  if [ ! -f "$__wogi_empty_mcp_config" ]; then
+  __wogi_empty_mcp_config="${WOGI_WORKSPACE_ROOT:-$(pwd)}/.workflow/state/worker-channel-only-mcp.json"
+  __wogi_member_mcp_path="$(pwd)/.mcp.json"
+  if command -v node >/dev/null 2>&1; then
+    # Use the dedicated helper (testable; see tests/flow-worker-mcp-strip.test.js).
+    # Extracts ONLY the wogi-workspace-channel entry from the worker's real
+    # .mcp.json so manager-side workspace_send_message dispatch keeps working.
+    __wogi_strip_helper=""
+    for __wogi_candidate in \
+      "$(dirname "$0")/../scripts/flow-worker-mcp-strip.js" \
+      "$(npm root -g 2>/dev/null)/wogiflow/scripts/flow-worker-mcp-strip.js" \
+      "$(pwd)/node_modules/wogiflow/scripts/flow-worker-mcp-strip.js"; do
+      if [ -f "$__wogi_candidate" ]; then
+        __wogi_strip_helper="$__wogi_candidate"
+        break
+      fi
+    done
+    if [ -n "$__wogi_strip_helper" ]; then
+      node "$__wogi_strip_helper" "$__wogi_member_mcp_path" "$__wogi_empty_mcp_config" 2>/dev/null || __wogi_strip_mcp=0
+    else
+      # Helper not found — fall back to inline extraction (legacy code path
+      # for installs that pre-date the helper script).
+      node -e '
+        const fs = require("fs");
+        const path = require("path");
+        const [src, out] = process.argv.slice(1);
+        let channelEntry = null;
+        try {
+          if (fs.existsSync(src)) {
+            const cfg = JSON.parse(fs.readFileSync(src, "utf-8"));
+            const ws = cfg && cfg.mcpServers && cfg.mcpServers["wogi-workspace-channel"];
+            if (ws) channelEntry = ws;
+          }
+        } catch (_e) {}
+        const payload = channelEntry
+          ? { mcpServers: { "wogi-workspace-channel": channelEntry } }
+          : { mcpServers: {} };
+        fs.mkdirSync(path.dirname(out), { recursive: true });
+        const tmp = out + ".tmp." + process.pid;
+        fs.writeFileSync(tmp, JSON.stringify(payload, null, 2) + "\n");
+        fs.renameSync(tmp, out);
+      ' "$__wogi_member_mcp_path" "$__wogi_empty_mcp_config" 2>/dev/null || __wogi_strip_mcp=0
+    fi
+  else
+    # node missing — last-resort fallback. Empty config = manager dispatch
+    # will fail, but worker boot will still succeed.
     mkdir -p "$(dirname "$__wogi_empty_mcp_config")" 2>/dev/null
     printf '{"mcpServers":{}}\n' > "$__wogi_empty_mcp_config" 2>/dev/null || __wogi_strip_mcp=0
   fi

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wogiflow",
-  "version": "2.29.0",
+  "version": "2.29.1",
   "description": "AI-powered development workflow management system with multi-model support",
   "main": "lib/index.js",
   "bin": {
@@ -10,7 +10,7 @@
   },
   "scripts": {
     "flow": "./scripts/flow",
-    "test": "NODE_ENV=test node --test tests/auto-compact-prompt.test.js tests/flow-paths.test.js tests/flow-io.test.js tests/flow-config-loader.test.js tests/flow-damage-control.test.js tests/flow-output.test.js tests/flow-constants.test.js tests/flow-session-state.test.js tests/flow-hooks-integration.test.js tests/flow-utils.test.js tests/flow-security.test.js tests/flow-memory-db.test.js tests/flow-durable-session.test.js tests/flow-skill-matcher.test.js tests/flow-bridge.test.js tests/flow-proactive-compact.test.js tests/flow-cascade-completion.test.js tests/flow-capture-gate.test.js tests/flow-correction-detector-hybrid.test.js tests/flow-promote.test.js tests/flow-archive-runs.test.js tests/flow-memory.test.js tests/flow-hooks-pre-tool-helpers.test.js tests/flow-hooks-bugfix-scope-gate.test.js tests/flow-hooks-routing-gate.test.js tests/flow-hooks-phase-read-gate.test.js tests/flow-hooks-commit-log-gate.test.js tests/flow-hooks-deploy-gate.test.js tests/flow-hooks-todowrite-gate.test.js tests/flow-hooks-git-safety-gate.test.js tests/flow-hooks-scope-mutation-gate.test.js tests/flow-hooks-strike-gate.test.js tests/flow-hooks-component-check.test.js tests/flow-hooks-scope-gate.test.js tests/flow-hooks-implementation-gate.test.js tests/flow-hooks-research-gate.test.js tests/flow-hooks-loop-check.test.js tests/flow-hooks-manager-boundary-gate.test.js tests/flow-hooks-phase-gate.test.js tests/flow-hooks-pre-tool-orchestrator.test.js tests/flow-hooks-observation-capture.test.js tests/flow-hooks-task-gate.test.js tests/flow-durable-session-suspension.test.js tests/flow-health-mcp-scopes.test.js tests/flow-lean-config.test.js tests/flow-workspace-autopickup.test.js tests/flow-worker-boundary-gate.test.js tests/flow-worker-question-classifier.test.js tests/flow-completion-truth-gate-contradictions.test.js tests/flow-structure-sensor.test.js tests/flow-workspace-dispatch-tracking.test.js tests/workspace-ipc-sqlite.test.js tests/workspace-ipc-multi-worker.test.js tests/flow-story-gates.test.js tests/flow-workspace-restart-handoff.test.js tests/flow-wogi-claude-wrapper.test.js tests/flow-wave1-integrations.test.js tests/flow-wave2-integrations.test.js tests/flow-wave3-integrations.test.js tests/flow-commit-claims-gate.test.js tests/auto-review.test.js tests/gate-telemetry-surface.test.js tests/agents-md-alias.test.js tests/flow-skill-manage.test.js tests/fuzzy-patch.test.js tests/mode-schema.test.js tests/flow-feature-dossier.test.js && NODE_ENV=test node tests/run-quality-gates.test.js",
+    "test": "NODE_ENV=test node --test tests/auto-compact-prompt.test.js tests/flow-paths.test.js tests/flow-io.test.js tests/flow-config-loader.test.js tests/flow-damage-control.test.js tests/flow-output.test.js tests/flow-constants.test.js tests/flow-session-state.test.js tests/flow-hooks-integration.test.js tests/flow-utils.test.js tests/flow-security.test.js tests/flow-memory-db.test.js tests/flow-durable-session.test.js tests/flow-skill-matcher.test.js tests/flow-bridge.test.js tests/flow-proactive-compact.test.js tests/flow-cascade-completion.test.js tests/flow-capture-gate.test.js tests/flow-correction-detector-hybrid.test.js tests/flow-promote.test.js tests/flow-archive-runs.test.js tests/flow-memory.test.js tests/flow-hooks-pre-tool-helpers.test.js tests/flow-hooks-bugfix-scope-gate.test.js tests/flow-hooks-routing-gate.test.js tests/flow-hooks-phase-read-gate.test.js tests/flow-hooks-commit-log-gate.test.js tests/flow-hooks-deploy-gate.test.js tests/flow-hooks-todowrite-gate.test.js tests/flow-hooks-git-safety-gate.test.js tests/flow-hooks-scope-mutation-gate.test.js tests/flow-hooks-strike-gate.test.js tests/flow-hooks-component-check.test.js tests/flow-hooks-scope-gate.test.js tests/flow-hooks-implementation-gate.test.js tests/flow-hooks-research-gate.test.js tests/flow-hooks-loop-check.test.js tests/flow-hooks-manager-boundary-gate.test.js tests/flow-hooks-phase-gate.test.js tests/flow-hooks-pre-tool-orchestrator.test.js tests/flow-hooks-observation-capture.test.js tests/flow-hooks-task-gate.test.js tests/flow-durable-session-suspension.test.js tests/flow-health-mcp-scopes.test.js tests/flow-lean-config.test.js tests/flow-workspace-autopickup.test.js tests/flow-worker-boundary-gate.test.js tests/flow-worker-question-classifier.test.js tests/flow-completion-truth-gate-contradictions.test.js tests/flow-structure-sensor.test.js tests/flow-workspace-dispatch-tracking.test.js tests/workspace-ipc-sqlite.test.js tests/workspace-ipc-multi-worker.test.js tests/flow-story-gates.test.js tests/flow-workspace-restart-handoff.test.js tests/flow-wogi-claude-wrapper.test.js tests/flow-wave1-integrations.test.js tests/flow-wave2-integrations.test.js tests/flow-wave3-integrations.test.js tests/flow-commit-claims-gate.test.js tests/auto-review.test.js tests/gate-telemetry-surface.test.js tests/agents-md-alias.test.js tests/flow-skill-manage.test.js tests/fuzzy-patch.test.js tests/mode-schema.test.js tests/flow-feature-dossier.test.js tests/flow-autonomous-mode.test.js tests/flow-epic-cascade.test.js tests/flow-workspace-summary.test.js tests/flow-hooks-research-evidence-gate.test.js tests/flow-worker-mcp-strip.test.js && NODE_ENV=test node tests/run-quality-gates.test.js",
     "test:syntax": "find scripts/ lib/ -name '*.js' -not -path '*/node_modules/*' -exec node --check {} +",
     "lint": "eslint scripts/ lib/ tests/",
     "lint:ci": "eslint scripts/ lib/ tests/ --max-warnings 0",

package/scripts/flow-config-loader.js

@@ -368,8 +368,9 @@ function invalidateConfigCache() {
 // Config Value Access
 // ============================================================
 
-// Dangerous property names that could lead to prototype pollution
-const DANGEROUS_CONFIG_PROPS = new Set(['__proto__', 'constructor', 'prototype']);
+// Dangerous property names that could lead to prototype pollution.
+// Consolidated to flow-io canonical (audit dup-002 / wf-9fc4970b).
+const { DANGEROUS_KEYS: DANGEROUS_CONFIG_PROPS } = require('./flow-io');
 
 /**
  * Validate config path doesn't contain dangerous property names

package/scripts/flow-correction-detector.js

@@ -16,6 +16,7 @@
  */
 
 const path = require('node:path');
+const { DANGEROUS_KEYS } = require('./flow-io');
 const {
   PATHS,
   safeJsonParse,
@@ -695,11 +696,11 @@ function loadPendingCorrections() {
 // SEC-005 fix (2026-04-13): recursive prototype-pollution check for
 // array-rooted JSON. Returns true if __proto__/constructor/prototype found.
 function hasDangerousKeys(value) {
-  const dangerous = new Set(['__proto__', 'constructor', 'prototype']);
+  // Consolidated to flow-io canonical DANGEROUS_KEYS (audit dup-002 / wf-9fc4970b).
   const visit = (node, depth) => {
     if (depth > 8 || node === null || typeof node !== 'object') return false;
     for (const key of Object.getOwnPropertyNames(node)) {
-      if (dangerous.has(key)) return true;
+      if (DANGEROUS_KEYS.has(key)) return true;
       if (visit(node[key], depth + 1)) return true;
     }
     return false;

package/scripts/flow-prompt-composer.js

@@ -16,6 +16,7 @@
 
 const fs = require('node:fs');
 const path = require('node:path');
+const { DANGEROUS_KEYS } = require('./flow-io');
 const {
   PROJECT_ROOT,
   parseFlags,
@@ -341,7 +342,7 @@ function applyTemplate(template, data) {
   }
 
   // Forbidden keys to prevent prototype pollution (case-insensitive)
-  const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
+  // Consolidated to flow-io canonical (audit dup-002 / wf-9fc4970b).
 
   // Simple substitution: {{key}} or {{object.key}}
   return template.replace(/\{\{([^}]+)\}\}/g, (match, path) => {
@@ -351,7 +352,7 @@ function applyTemplate(template, data) {
     for (const key of keys) {
       // Prevent prototype pollution attacks (case-insensitive check)
       const keyLower = key.toLowerCase();
-      if (FORBIDDEN_KEYS.has(keyLower)) return match;
+      if (DANGEROUS_KEYS.has(keyLower)) return match;
       if (value === undefined || value === null) return match;
       // Only access own properties
       if (!Object.hasOwn(value, key)) return match;

package/scripts/flow-prompt-template.js

@@ -38,8 +38,9 @@ const MODEL_TEMPLATE_MAP = {
   'gemini-2-flash': 'gemini-flash.yaml'
 };
 
-// Blocked keys for security (prototype pollution prevention)
-const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
+// Blocked keys for security (prototype pollution prevention).
+// Consolidated to flow-io canonical (audit dup-002 / wf-9fc4970b).
+const { DANGEROUS_KEYS: BLOCKED_KEYS } = require('./flow-io');
 
 // ============================================================
 // YAML Parser (lightweight, no dependency)

package/scripts/flow-worker-mcp-strip.js

@@ -0,0 +1,122 @@
+#!/usr/bin/env node
+
+/**
+ * Wogi Flow — Worker MCP Strip Helper
+ *
+ * Generates a channel-only MCP config for worker boot. This is the proper
+ * fix for the audit-channel-transport-001 regression: Story A originally
+ * wrote `{"mcpServers":{}}` (fully empty) for boot speed, which silently
+ * stripped the `wogi-workspace-channel` MCP server — leaving manager-side
+ * `workspace_send_message` HTTP-POSTs unable to reach the worker.
+ *
+ * This script reads the worker member-repo's real `.mcp.json`, extracts
+ * ONLY the `wogi-workspace-channel` entry, and writes a channel-only
+ * config to a destination path. Result:
+ *   - claude.ai MCP integrations remain stripped (Story A's boot-speed win)
+ *   - The workspace transport remains active (manager dispatch works)
+ *
+ * Fallback: if the source `.mcp.json` doesn't define
+ * `wogi-workspace-channel` (e.g. the worker isn't a workspace member),
+ * the destination is written with `{"mcpServers":{}}` — harmless in
+ * non-workspace contexts.
+ *
+ * Usage:
+ *   node flow-worker-mcp-strip.js <source-mcp.json> <dest-mcp.json>
+ *
+ * Programmatic:
+ *   const { extractChannelOnlyConfig, writeChannelOnlyConfig } =
+ *     require('./flow-worker-mcp-strip');
+ *   const cfg = extractChannelOnlyConfig(srcPath);
+ *   writeChannelOnlyConfig(destPath, cfg);
+ *
+ * Exit codes:
+ *   0 — success (channel-only or empty config written)
+ *   1 — write failure (caller should fall back to no-strip)
+ */
+
+'use strict';
+
+const fs = require('node:fs');
+const path = require('node:path');
+
+const CHANNEL_SERVER_NAME = 'wogi-workspace-channel';
+
+/**
+ * Read the source `.mcp.json` and return the channel-only config object.
+ * Never throws; returns the empty-config fallback on any failure.
+ */
+function extractChannelOnlyConfig(sourcePath) {
+  const empty = { mcpServers: {} };
+  if (!sourcePath || typeof sourcePath !== 'string') return empty;
+  try {
+    if (!fs.existsSync(sourcePath)) return empty;
+    const raw = fs.readFileSync(sourcePath, 'utf-8');
+    const parsed = JSON.parse(raw);
+    if (!parsed || typeof parsed !== 'object' || !parsed.mcpServers) return empty;
+    const entry = parsed.mcpServers[CHANNEL_SERVER_NAME];
+    if (!entry || typeof entry !== 'object') return empty;
+    return { mcpServers: { [CHANNEL_SERVER_NAME]: entry } };
+  } catch (_err) {
+    return empty;
+  }
+}
+
+/**
+ * Atomically write the channel-only config to destPath. Returns true on
+ * success, false on failure (caller should fall back).
+ */
+function writeChannelOnlyConfig(destPath, config) {
+  if (!destPath || typeof destPath !== 'string') return false;
+  try {
+    fs.mkdirSync(path.dirname(destPath), { recursive: true });
+    const tmp = `${destPath}.tmp.${process.pid}.${Math.random().toString(36).slice(2, 8)}`;
+    fs.writeFileSync(tmp, JSON.stringify(config, null, 2) + '\n');
+    fs.renameSync(tmp, destPath);
+    return true;
+  } catch (_err) {
+    return false;
+  }
+}
+
+/**
+ * Whether the resulting config preserves the channel transport (i.e. the
+ * worker will be reachable from the manager). Useful for callers that want
+ * to log a warning if dispatch will silently fail.
+ */
+function preservesChannelTransport(config) {
+  return Boolean(
+    config &&
+    config.mcpServers &&
+    config.mcpServers[CHANNEL_SERVER_NAME] &&
+    typeof config.mcpServers[CHANNEL_SERVER_NAME] === 'object'
+  );
+}
+
+module.exports = {
+  CHANNEL_SERVER_NAME,
+  extractChannelOnlyConfig,
+  writeChannelOnlyConfig,
+  preservesChannelTransport
+};
+
+if (require.main === module) {
+  const [src, dest] = process.argv.slice(2);
+  if (!src || !dest) {
+    process.stderr.write('Usage: flow-worker-mcp-strip <source-mcp.json> <dest-mcp.json>\n');
+    process.exit(1);
+  }
+  const cfg = extractChannelOnlyConfig(src);
+  const ok = writeChannelOnlyConfig(dest, cfg);
+  if (!ok) {
+    process.stderr.write(`[flow-worker-mcp-strip] failed to write ${dest}\n`);
+    process.exit(1);
+  }
+  if (!preservesChannelTransport(cfg)) {
+    process.stderr.write(
+      `[flow-worker-mcp-strip] WARNING: ${src} did not define ${CHANNEL_SERVER_NAME} — ` +
+      `worker will boot but manager dispatch will fail. ` +
+      `Run "flow workspace init" in the workspace root to regenerate .mcp.json.\n`
+    );
+  }
+  process.exit(0);
+}