wogiflow 2.29.0 → 2.29.2

package/.claude/docs/intent-grounded-reasoning.md

@@ -18,7 +18,7 @@ Research finding: across 1,309 user messages mined, first-pass agent output was
 | 1 | **Intent Bootstrap** — scaffolds product/domain/glossary/user-journeys artifacts; agnostic trap-zone detector finds structural ambiguities | `scripts/flow-intent-bootstrap.js` + `scripts/flow-trap-zone.js` |
 | 2 | **Intent Framing Pass** — per-task reasoning step; produces a Framing Artifact resolving ambiguities before any other work | `scripts/flow-intent-framing.js` |
 | 3 | **Architect Pass** — read-only sub-agent produces an 8-section pre-spec plan | `scripts/flow-architect-pass.js` + persona `.workflow/agents/architect.md` |
-| 4 | **Logic Adversary** — separate sub-agent on a different model critiques the plan against the 11-principle Logic Constitution (v2 adds Principle 11 — Platform Capability Grounding) | `scripts/flow-logic-adversary.js` + rubric `.workflow/rubrics/logic-constitution-v2.md` |
+| 4 | **Logic Adversary** — separate sub-agent on a different model critiques the plan against the 11-principle Logic Constitution (v2: P11 + sub-principles 11.1–11.4 covering observed-behavior, project rules, sibling features, and stacked-story integration) | `scripts/flow-logic-adversary.js` + rubric `.workflow/rubrics/logic-constitution-v2.md` |
 | 5 | **Session Correction Memory** — detects user corrections during a session and cross-references back to gates that passed the contradicted work | extensions in `scripts/flow-correction-detector.js` |
 | 6 | **Completion Truth Gate** — audits "done" claims against Tier 0–4 evidence; downgrades language when evidence is insufficient | `scripts/flow-completion-truth-gate.js` |
 | 7 | **Pipeline wiring + rollout** — integrates all above into `/wogi-start`, the gate registry, the eval framework | (this story) |

package/.workflow/templates/partials/methodology-rules.hbs

@@ -135,6 +135,37 @@ If artifacts don't exist yet, run `node scripts/flow-intent-bootstrap.js bootstr
 
 ---
 
+### Cross-Story Integration Tier-3 Rule
+
+When Story B layers behavior on top of infrastructure shipped by Story A (or any prior commit), Story B's IGR pass MUST treat that infrastructure as an audited dependency, not as a given. Within-module unit tests that pin Story B's local behavior do NOT verify that Story A's contract holds for Story B's usage.
+
+**Mandatory for every layering story:**
+
+1. **Architect output names upstream dependencies.** A "Dependencies" section lists prior stories/commits + the specific contract relied on (interface signature, file format, transport, invariant). "I'm reusing Story A's X" is not enough; quote the contract.
+
+2. **Adversary challenges the dependency.** "What if Story A's invariant doesn't hold? What's the failure mode? What evidence proves Story A's contract is intact for THIS usage?" The adversary's job is finding the assumption Story B silently inherits.
+
+3. **At least one Tier-3 integration test exercises the chain end-to-end.** Not a unit test of Story B in isolation — a test that simulates a real run through both stories' code paths. If Story A's output flows into Story B's input, the test feeds a real Story-A output through Story B and asserts the output. Mark the test `// regression-tier3` so future readers know its purpose.
+
+4. **Pre-release gate verifies stacked coverage.** Before tagging a release, identify any commits that layer on prior commits in the same release. For each, confirm a Tier-3 integration test exists. Missing Tier-3 + stacked stories → block release.
+
+**Why:** unit tests within a story boundary catch the story's own bugs but miss every regression where the story's correct behavior depends on a broken upstream. The 2026-04-26 incident (audit-channel-transport-001) was caused by exactly this gap: Story A stripped MCP servers including the workspace-channel transport itself; Story B layered task-completion routing on top; both stories' tests passed; manager dispatch silently failed in production. Self-IGR caught Story B's local correctness but missed that the upstream contract was broken.
+
+**Anti-rationalization:**
+- *"The upstream story has its own tests"* → WRONG. Their tests pin THEIR contract. Your Tier-3 test pins YOUR usage of their contract.
+- *"It's expensive to set up an integration test"* → WRONG. The 2026-04-26 incident cost a v2.29.1 hot-fix release. Set up time amortizes; regression cost compounds.
+- *"Self-IGR is enough; we don't need the actual adversary subagent"* → WRONG. Self-IGR pattern-matches on the same model that wrote the plan; the cross-story dependency is exactly the blind spot a different-model adversary catches.
+
+**How to apply** (concrete checks for any layering story):
+- `git log --oneline <prior-N-commits>` — which earlier work does this story sit on?
+- For each, write the contract you're relying on: "Story A delivers X via Y."
+- `grep -r "<Story A's interface>"` — is the contract still intact in HEAD?
+- Write the Tier-3 test BEFORE writing Story B's code. If the test cannot be written without first standing up infrastructure that makes the integration verifiable, that's a signal the architecture needs that infrastructure too.
+
+Enforced by: Logic Constitution v2 sub-principle 11.4 (Stacked-story integration verification). Pre-release gate consumes this signal before tagging.
+
+---
+
 ### Autonomous Walk-Away Mode
 
 The user can dump N items, say "go until you finish" / "autonomous mode" / "run this autonomously" / "don't bother me, just do it" (or similar phrases — see `flow-autonomous-detector.js`), and walk away. While the run is active:

package/lib/mode-schema.js

@@ -2,6 +2,7 @@
 
 const fs = require('node:fs');
 const path = require('node:path');
+const { DANGEROUS_KEYS } = require('../scripts/flow-io');
 
 const MODES_DIR = path.join(process.cwd(), '.workflow', 'modes');
 
@@ -17,7 +18,7 @@ const REQUIRED_FIELDS = ['name', 'roleDefinition', 'whenToUse'];
 const OPTIONAL_FIELDS = ['customInstructions', 'allowedToolGroups'];
 const ALL_FIELDS = new Set([...REQUIRED_FIELDS, ...OPTIONAL_FIELDS]);
 
-const DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
+// DANGEROUS_KEYS imported from scripts/flow-io canonical (audit dup-002 / wf-9fc4970b).
 
 function parseModeYaml(content, sourceLabel = '<inline>') {
   const result = Object.create(null);

package/lib/wogi-claude

@@ -107,13 +107,78 @@ if [ "$__wogi_is_worker" -eq 1 ]; then
   fi
 fi
 
-# Resolve the empty-MCP config used for stripping. Persistent path so we don't
-# regenerate a tmpfile on every restart; living in .workflow/state/ keeps it
-# alongside other worker state.
+# Resolve the channel-only MCP config used for stripping. Persistent path
+# so we don't regenerate on every restart; living in .workflow/state/ keeps
+# it alongside other worker state.
+#
+# IMPORTANT — REGRESSION FIX (audit-channel-transport-001):
+#
+# The original Story A (wf-8294d960) wrote `{"mcpServers":{}}` — fully
+# empty — under the (unverified) assumption that workers don't need any
+# MCP servers in worker mode. That assumption was WRONG: it stripped
+# `wogi-workspace-channel` which IS the transport that the manager uses
+# to dispatch tasks to workers via `workspace_send_message` (the manager
+# HTTP-POSTs to the worker's channel-server port; with no MCP server,
+# there's no listener, so dispatches silently fail with "connection
+# refused"). Tier-3 evidence (end-to-end manager→worker dispatch) was
+# never collected; only boot-latency was measured. Story B
+# (wf-ab59f0e4) layered COMPLETION-SUMMARY routing on top of this
+# broken transport without auditing the dependency.
+#
+# The proper fix: extract ONLY the `wogi-workspace-channel` entry from
+# the worker's real `.mcp.json` and write a channel-only config. This
+# preserves Story A's boot-speed win (claude.ai MCP integrations stay
+# stripped) while keeping the workspace transport active. If the
+# worker's `.mcp.json` doesn't define `wogi-workspace-channel` (e.g.
+# this is not a workspace member), fall back to the empty MCP config
+# (the strip is harmless in non-workspace contexts).
 __wogi_empty_mcp_config=""
 if [ "$__wogi_strip_mcp" -eq 1 ]; then
-  __wogi_empty_mcp_config="${WOGI_WORKSPACE_ROOT:-$(pwd)}/.workflow/state/worker-empty-mcp.json"
-  if [ ! -f "$__wogi_empty_mcp_config" ]; then
+  __wogi_empty_mcp_config="${WOGI_WORKSPACE_ROOT:-$(pwd)}/.workflow/state/worker-channel-only-mcp.json"
+  __wogi_member_mcp_path="$(pwd)/.mcp.json"
+  if command -v node >/dev/null 2>&1; then
+    # Use the dedicated helper (testable; see tests/flow-worker-mcp-strip.test.js).
+    # Extracts ONLY the wogi-workspace-channel entry from the worker's real
+    # .mcp.json so manager-side workspace_send_message dispatch keeps working.
+    __wogi_strip_helper=""
+    for __wogi_candidate in \
+      "$(dirname "$0")/../scripts/flow-worker-mcp-strip.js" \
+      "$(npm root -g 2>/dev/null)/wogiflow/scripts/flow-worker-mcp-strip.js" \
+      "$(pwd)/node_modules/wogiflow/scripts/flow-worker-mcp-strip.js"; do
+      if [ -f "$__wogi_candidate" ]; then
+        __wogi_strip_helper="$__wogi_candidate"
+        break
+      fi
+    done
+    if [ -n "$__wogi_strip_helper" ]; then
+      node "$__wogi_strip_helper" "$__wogi_member_mcp_path" "$__wogi_empty_mcp_config" 2>/dev/null || __wogi_strip_mcp=0
+    else
+      # Helper not found — fall back to inline extraction (legacy code path
+      # for installs that pre-date the helper script).
+      node -e '
+        const fs = require("fs");
+        const path = require("path");
+        const [src, out] = process.argv.slice(1);
+        let channelEntry = null;
+        try {
+          if (fs.existsSync(src)) {
+            const cfg = JSON.parse(fs.readFileSync(src, "utf-8"));
+            const ws = cfg && cfg.mcpServers && cfg.mcpServers["wogi-workspace-channel"];
+            if (ws) channelEntry = ws;
+          }
+        } catch (_e) {}
+        const payload = channelEntry
+          ? { mcpServers: { "wogi-workspace-channel": channelEntry } }
+          : { mcpServers: {} };
+        fs.mkdirSync(path.dirname(out), { recursive: true });
+        const tmp = out + ".tmp." + process.pid;
+        fs.writeFileSync(tmp, JSON.stringify(payload, null, 2) + "\n");
+        fs.renameSync(tmp, out);
+      ' "$__wogi_member_mcp_path" "$__wogi_empty_mcp_config" 2>/dev/null || __wogi_strip_mcp=0
+    fi
+  else
+    # node missing — last-resort fallback. Empty config = manager dispatch
+    # will fail, but worker boot will still succeed.
     mkdir -p "$(dirname "$__wogi_empty_mcp_config")" 2>/dev/null
     printf '{"mcpServers":{}}\n' > "$__wogi_empty_mcp_config" 2>/dev/null || __wogi_strip_mcp=0
   fi

package/lib/workspace-messages.js

@@ -11,6 +11,7 @@
 const fs = require('node:fs');
 const path = require('node:path');
 const { safeReadJson } = require('./utils');
+const { DANGEROUS_KEYS } = require('../scripts/flow-io');
 const crypto = require('node:crypto');
 
 // ============================================================
@@ -170,7 +171,7 @@ function updateMessageStatus(workspaceRoot, messageId, newStatus, extra = {}) {
     message.updatedAt = new Date().toISOString();
     // Safe merge: filter dangerous keys to prevent prototype pollution
     if (extra && typeof extra === 'object') {
-      const DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
+      // DANGEROUS_KEYS imported from scripts/flow-io canonical (audit dup-002 / wf-9fc4970b).
       for (const [key, value] of Object.entries(extra)) {
         if (!DANGEROUS_KEYS.has(key)) {
           message[key] = value;

package/lib/workspace.js

@@ -17,7 +17,7 @@
 
 const fs = require('node:fs');
 const path = require('node:path');
-const { safeJsonParse } = require('../scripts/flow-io');
+const { safeJsonParse, DANGEROUS_KEYS } = require('../scripts/flow-io');
 
 /**
  * wf-f747f993 — resolve the claude-spawning command for workspace sessions.
@@ -61,8 +61,8 @@ function resolveClaudeSpawnCommand(role, flags) {
 // Constants
 // ============================================================
 
-// Proto-pollution safe JSON parse (finding-007)
-const DANGEROUS_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
+// Proto-pollution safe JSON parse (finding-007).
+// DANGEROUS_KEYS imported from scripts/flow-io canonical (audit dup-002 / wf-9fc4970b).
 function safeParseJson(str, fallback) {
   try {
     const obj = JSON.parse(str);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wogiflow",
-  "version": "2.29.0",
+  "version": "2.29.2",
   "description": "AI-powered development workflow management system with multi-model support",
   "main": "lib/index.js",
   "bin": {
@@ -10,7 +10,7 @@
   },
   "scripts": {
     "flow": "./scripts/flow",
-    "test": "NODE_ENV=test node --test tests/auto-compact-prompt.test.js tests/flow-paths.test.js tests/flow-io.test.js tests/flow-config-loader.test.js tests/flow-damage-control.test.js tests/flow-output.test.js tests/flow-constants.test.js tests/flow-session-state.test.js tests/flow-hooks-integration.test.js tests/flow-utils.test.js tests/flow-security.test.js tests/flow-memory-db.test.js tests/flow-durable-session.test.js tests/flow-skill-matcher.test.js tests/flow-bridge.test.js tests/flow-proactive-compact.test.js tests/flow-cascade-completion.test.js tests/flow-capture-gate.test.js tests/flow-correction-detector-hybrid.test.js tests/flow-promote.test.js tests/flow-archive-runs.test.js tests/flow-memory.test.js tests/flow-hooks-pre-tool-helpers.test.js tests/flow-hooks-bugfix-scope-gate.test.js tests/flow-hooks-routing-gate.test.js tests/flow-hooks-phase-read-gate.test.js tests/flow-hooks-commit-log-gate.test.js tests/flow-hooks-deploy-gate.test.js tests/flow-hooks-todowrite-gate.test.js tests/flow-hooks-git-safety-gate.test.js tests/flow-hooks-scope-mutation-gate.test.js tests/flow-hooks-strike-gate.test.js tests/flow-hooks-component-check.test.js tests/flow-hooks-scope-gate.test.js tests/flow-hooks-implementation-gate.test.js tests/flow-hooks-research-gate.test.js tests/flow-hooks-loop-check.test.js tests/flow-hooks-manager-boundary-gate.test.js tests/flow-hooks-phase-gate.test.js tests/flow-hooks-pre-tool-orchestrator.test.js tests/flow-hooks-observation-capture.test.js tests/flow-hooks-task-gate.test.js tests/flow-durable-session-suspension.test.js tests/flow-health-mcp-scopes.test.js tests/flow-lean-config.test.js tests/flow-workspace-autopickup.test.js tests/flow-worker-boundary-gate.test.js tests/flow-worker-question-classifier.test.js tests/flow-completion-truth-gate-contradictions.test.js tests/flow-structure-sensor.test.js tests/flow-workspace-dispatch-tracking.test.js tests/workspace-ipc-sqlite.test.js tests/workspace-ipc-multi-worker.test.js tests/flow-story-gates.test.js tests/flow-workspace-restart-handoff.test.js tests/flow-wogi-claude-wrapper.test.js tests/flow-wave1-integrations.test.js tests/flow-wave2-integrations.test.js tests/flow-wave3-integrations.test.js tests/flow-commit-claims-gate.test.js tests/auto-review.test.js tests/gate-telemetry-surface.test.js tests/agents-md-alias.test.js tests/flow-skill-manage.test.js tests/fuzzy-patch.test.js tests/mode-schema.test.js tests/flow-feature-dossier.test.js && NODE_ENV=test node tests/run-quality-gates.test.js",
+    "test": "NODE_ENV=test node --test tests/auto-compact-prompt.test.js tests/flow-paths.test.js tests/flow-io.test.js tests/flow-config-loader.test.js tests/flow-damage-control.test.js tests/flow-output.test.js tests/flow-constants.test.js tests/flow-session-state.test.js tests/flow-hooks-integration.test.js tests/flow-utils.test.js tests/flow-security.test.js tests/flow-memory-db.test.js tests/flow-durable-session.test.js tests/flow-skill-matcher.test.js tests/flow-bridge.test.js tests/flow-proactive-compact.test.js tests/flow-cascade-completion.test.js tests/flow-capture-gate.test.js tests/flow-correction-detector-hybrid.test.js tests/flow-promote.test.js tests/flow-archive-runs.test.js tests/flow-memory.test.js tests/flow-hooks-pre-tool-helpers.test.js tests/flow-hooks-bugfix-scope-gate.test.js tests/flow-hooks-routing-gate.test.js tests/flow-hooks-phase-read-gate.test.js tests/flow-hooks-commit-log-gate.test.js tests/flow-hooks-deploy-gate.test.js tests/flow-hooks-todowrite-gate.test.js tests/flow-hooks-git-safety-gate.test.js tests/flow-hooks-scope-mutation-gate.test.js tests/flow-hooks-strike-gate.test.js tests/flow-hooks-component-check.test.js tests/flow-hooks-scope-gate.test.js tests/flow-hooks-implementation-gate.test.js tests/flow-hooks-research-gate.test.js tests/flow-hooks-loop-check.test.js tests/flow-hooks-manager-boundary-gate.test.js tests/flow-hooks-phase-gate.test.js tests/flow-hooks-pre-tool-orchestrator.test.js tests/flow-hooks-observation-capture.test.js tests/flow-hooks-task-gate.test.js tests/flow-durable-session-suspension.test.js tests/flow-health-mcp-scopes.test.js tests/flow-lean-config.test.js tests/flow-workspace-autopickup.test.js tests/flow-worker-boundary-gate.test.js tests/flow-worker-question-classifier.test.js tests/flow-completion-truth-gate-contradictions.test.js tests/flow-structure-sensor.test.js tests/flow-workspace-dispatch-tracking.test.js tests/workspace-ipc-sqlite.test.js tests/workspace-ipc-multi-worker.test.js tests/flow-story-gates.test.js tests/flow-workspace-restart-handoff.test.js tests/flow-wogi-claude-wrapper.test.js tests/flow-wave1-integrations.test.js tests/flow-wave2-integrations.test.js tests/flow-wave3-integrations.test.js tests/flow-commit-claims-gate.test.js tests/auto-review.test.js tests/gate-telemetry-surface.test.js tests/agents-md-alias.test.js tests/flow-skill-manage.test.js tests/fuzzy-patch.test.js tests/mode-schema.test.js tests/flow-feature-dossier.test.js tests/flow-autonomous-mode.test.js tests/flow-epic-cascade.test.js tests/flow-workspace-summary.test.js tests/flow-hooks-research-evidence-gate.test.js tests/flow-worker-mcp-strip.test.js tests/flow-orchestrate-corrections.test.js && NODE_ENV=test node tests/run-quality-gates.test.js",
     "test:syntax": "find scripts/ lib/ -name '*.js' -not -path '*/node_modules/*' -exec node --check {} +",
     "lint": "eslint scripts/ lib/ tests/",
     "lint:ci": "eslint scripts/ lib/ tests/ --max-warnings 0",

package/scripts/flow-config-loader.js

@@ -368,8 +368,9 @@ function invalidateConfigCache() {
 // Config Value Access
 // ============================================================
 
-// Dangerous property names that could lead to prototype pollution
-const DANGEROUS_CONFIG_PROPS = new Set(['__proto__', 'constructor', 'prototype']);
+// Dangerous property names that could lead to prototype pollution.
+// Consolidated to flow-io canonical (audit dup-002 / wf-9fc4970b).
+const { DANGEROUS_KEYS: DANGEROUS_CONFIG_PROPS } = require('./flow-io');
 
 /**
  * Validate config path doesn't contain dangerous property names

package/scripts/flow-correction-detector.js

@@ -16,6 +16,7 @@
  */
 
 const path = require('node:path');
+const { DANGEROUS_KEYS } = require('./flow-io');
 const {
   PATHS,
   safeJsonParse,
@@ -695,11 +696,11 @@ function loadPendingCorrections() {
 // SEC-005 fix (2026-04-13): recursive prototype-pollution check for
 // array-rooted JSON. Returns true if __proto__/constructor/prototype found.
 function hasDangerousKeys(value) {
-  const dangerous = new Set(['__proto__', 'constructor', 'prototype']);
+  // Consolidated to flow-io canonical DANGEROUS_KEYS (audit dup-002 / wf-9fc4970b).
   const visit = (node, depth) => {
     if (depth > 8 || node === null || typeof node !== 'object') return false;
     for (const key of Object.getOwnPropertyNames(node)) {
-      if (dangerous.has(key)) return true;
+      if (DANGEROUS_KEYS.has(key)) return true;
       if (visit(node[key], depth + 1)) return true;
     }
     return false;

package/scripts/flow-orchestrate-corrections.js

@@ -0,0 +1,158 @@
+#!/usr/bin/env node
+
+/**
+ * Wogi Flow — Auto-Correction Helpers (Story 14 / wf-d0937c83)
+ *
+ * Splits flow-orchestrate's autoCorrectCode into focused helpers:
+ *
+ *   - fixForbiddenImports       (section 1: doNotImport, default/combined/namespace forms)
+ *   - fixComponentPaths         (section 2: shadcn @/components/ui/X mapping)
+ *   - fixFeatureTypePaths       (section 3: ../types in /features/ files)
+ *   - fixNoExternalUtils        (section 4: @/lib/utils removal + formatCurrency inline + cn() unwrap)
+ *   - normalizeQuotes           (section 5: double-quote → single-quote when single dominates)
+ *   - cleanupEmptyImports       (section 6: empty `import {} from "..."` cleanup)
+ *   - collapseBlankLines        (section 7: 3+ blanks → 2)
+ *
+ * Each helper takes a `(code, ...args)` shape and returns
+ * `{ corrected, corrections }`. The orchestrator (flow-orchestrate.js
+ * `autoCorrectCode`) chains them in section order.
+ *
+ * Behavior is preserved verbatim from the pre-extraction implementation;
+ * pinned by characterization tests in
+ * `tests/flow-orchestrate-corrections.test.js` (Tier-3 integration test
+ * per the Cross-Story Integration Tier-3 Rule — feeds real input through
+ * the public `autoCorrectCode` API and asserts the output).
+ *
+ * Programmatic:
+ *   const c = require('./flow-orchestrate-corrections');
+ *   const { corrected, corrections } = c.fixForbiddenImports(code, ['React']);
+ */
+
+'use strict';
+
+function fixForbiddenImports(code, doNotImport) {
+  let corrected = code;
+  const corrections = [];
+  const list = Array.isArray(doNotImport) && doNotImport.length ? doNotImport : ['React'];
+  for (const forbidden of list) {
+    const defaultImportRegex = new RegExp(`^import ${forbidden} from ['"][^'"]+['"];?\\s*\\n?`, 'gm');
+    if (defaultImportRegex.test(corrected)) {
+      corrected = corrected.replace(defaultImportRegex, '');
+      corrections.push(`Removed forbidden import: ${forbidden}`);
+    }
+
+    const combinedImportRegex = new RegExp(`^import ${forbidden},\\s*(\\{[^}]+\\})\\s+from\\s+(['"][^'"]+['"])`, 'gm');
+    if (combinedImportRegex.test(corrected)) {
+      corrected = corrected.replace(combinedImportRegex, 'import $1 from $2');
+      corrections.push(`Removed ${forbidden} from combined import`);
+    }
+
+    const namespaceImportRegex = new RegExp(`^import \\* as ${forbidden} from ['"][^'"]+['"];?\\s*\\n?`, 'gm');
+    if (namespaceImportRegex.test(corrected)) {
+      corrected = corrected.replace(namespaceImportRegex, '');
+      corrections.push(`Removed namespace import: ${forbidden}`);
+    }
+  }
+  return { corrected, corrections };
+}
+
+function fixComponentPaths(code, componentPaths) {
+  let corrected = code;
+  const corrections = [];
+  const map = (componentPaths && typeof componentPaths === 'object') ? componentPaths : {};
+  const shadcnPattern = /@\/components\/ui\/(\w+)/g;
+  corrected = corrected.replace(shadcnPattern, (match, component) => {
+    const capitalName = component.charAt(0).toUpperCase() + component.slice(1);
+    const configPath = map[capitalName];
+    if (configPath) {
+      corrections.push(`Fixed import: ${match} → ${configPath}`);
+      return configPath;
+    }
+    return match;
+  });
+  return { corrected, corrections };
+}
+
+function fixFeatureTypePaths(code, filePath, typePaths) {
+  let corrected = code;
+  const corrections = [];
+  const paths = (typePaths && typeof typePaths === 'object') ? typePaths : { features: '../api/types' };
+  if (filePath && filePath.includes('/features/') && paths.features) {
+    const wrongPaths = ["'../types'", '"../types"', "'./types'", '"./types"'];
+    for (const wrong of wrongPaths) {
+      if (corrected.includes(wrong)) {
+        corrected = corrected.replace(new RegExp(wrong.replace(/['"]/g, '[\'"]'), 'g'), `'${paths.features}'`);
+        corrections.push('Fixed type import path');
+      }
+    }
+  }
+  return { corrected, corrections };
+}
+
+function fixNoExternalUtils(code, ctx) {
+  let corrected = code;
+  const corrections = [];
+  if (!(ctx && ctx.noExternalUtils && corrected.includes('@/lib/utils'))) {
+    return { corrected, corrections };
+  }
+
+  const hadFormatCurrency = corrected.includes('formatCurrency');
+  const hadCn = corrected.includes(' cn(') || corrected.includes(' cn`');
+
+  corrected = corrected.replace(/^import.*from ['"]@\/lib\/utils['"];?\s*\n?/gm, '');
+  corrections.push('Removed @/lib/utils import');
+
+  if (hadFormatCurrency) {
+    const formatCurrencyFn = `\nconst formatCurrency = (amount: number) =>\n  new Intl.NumberFormat('en-US', { style: 'currency', currency: 'USD' }).format(amount);\n`;
+    const lastImportMatch = corrected.match(/^import[^;]+;?\s*\n/gm);
+    if (lastImportMatch) {
+      const lastImport = lastImportMatch[lastImportMatch.length - 1];
+      const insertPos = corrected.lastIndexOf(lastImport) + lastImport.length;
+      corrected = corrected.slice(0, insertPos) + formatCurrencyFn + corrected.slice(insertPos);
+    }
+    corrections.push('Inlined formatCurrency');
+  }
+
+  if (hadCn) {
+    corrected = corrected.replace(/cn\((['"`][^'"`]+['"`])\)/g, '$1');
+    corrections.push('Removed cn() wrapper');
+  }
+
+  return { corrected, corrections };
+}
+
+function normalizeQuotes(code) {
+  let corrected = code;
+  const corrections = [];
+  const singleQuoteCount = (corrected.match(/from '/g) || []).length;
+  const doubleQuoteCount = (corrected.match(/from "/g) || []).length;
+  if (singleQuoteCount > doubleQuoteCount && doubleQuoteCount > 0) {
+    corrected = corrected.replace(/from "([^"]+)"/g, "from '$1'");
+    corrections.push('Normalized import quotes to single quotes');
+  }
+  return { corrected, corrections };
+}
+
+function cleanupEmptyImports(code) {
+  return {
+    corrected: code.replace(/^import\s*\{\s*\}\s*from\s*['"][^'"]+['"];?\s*\n?/gm, ''),
+    corrections: []
+  };
+}
+
+function collapseBlankLines(code) {
+  return {
+    corrected: code.replace(/\n{3,}/g, '\n\n'),
+    corrections: []
+  };
+}
+
+module.exports = {
+  fixForbiddenImports,
+  fixComponentPaths,
+  fixFeatureTypePaths,
+  fixNoExternalUtils,
+  normalizeQuotes,
+  cleanupEmptyImports,
+  collapseBlankLines
+};

package/scripts/flow-orchestrate.js

@@ -307,109 +307,28 @@ function autoCorrectCode(code, filePath, projectConfig = null) {
     return { corrected: code, corrections: [] };
   }
 
-  // Load project context from config if not provided
   const ctx = projectConfig?.projectContext ?? getProjectContext();
-
-  let corrected = code;
   const corrections = [];
 
-  // 1. Remove forbidden imports (from config, defaults to ['React'])
-  const doNotImport = ctx.doNotImport || ['React'];
-  for (const forbidden of doNotImport) {
-    // Case A: Default import - "import X from '...'"
-    const defaultImportRegex = new RegExp(`^import ${forbidden} from ['"][^'"]+['"];?\\s*\\n?`, 'gm');
-    if (defaultImportRegex.test(corrected)) {
-      corrected = corrected.replace(defaultImportRegex, '');
-      corrections.push(`Removed forbidden import: ${forbidden}`);
-    }
-
-    // Case B: Combined with named imports - "import X, { y, z } from '...'"
-    const combinedImportRegex = new RegExp(`^import ${forbidden},\\s*(\\{[^}]+\\})\\s+from\\s+(['"][^'"]+['"])`, 'gm');
-    if (combinedImportRegex.test(corrected)) {
-      corrected = corrected.replace(combinedImportRegex, 'import $1 from $2');
-      corrections.push(`Removed ${forbidden} from combined import`);
-    }
-
-    // Case C: Namespace import - "import * as X from '...'"
-    const namespaceImportRegex = new RegExp(`^import \\* as ${forbidden} from ['"][^'"]+['"];?\\s*\\n?`, 'gm');
-    if (namespaceImportRegex.test(corrected)) {
-      corrected = corrected.replace(namespaceImportRegex, '');
-      corrections.push(`Removed namespace import: ${forbidden}`);
-    }
-  }
-
-  // 2. Fix component paths based on config mappings
-  const componentPaths = ctx.componentPaths ?? {};
-
-  // Build reverse mapping from shadcn-style to project paths
-  // @/components/ui/button → project's Button path
-  const shadcnPattern = /@\/components\/ui\/(\w+)/g;
-  corrected = corrected.replace(shadcnPattern, (match, component) => {
-    const capitalName = component.charAt(0).toUpperCase() + component.slice(1);
-    const configPath = componentPaths[capitalName];
-    if (configPath) {
-      corrections.push(`Fixed import: ${match} → ${configPath}`);
-      return configPath;
-    }
-    return match; // Leave as-is if no mapping
-  });
-
-  // 3. Fix type paths for features (from config)
-  const typePaths = ctx.typePaths || { features: '../api/types' };
-  if (filePath && filePath.includes('/features/') && typePaths.features) {
-    const wrongPaths = ["'../types'", '"../types"', "'./types'", '"./types"'];
-    for (const wrong of wrongPaths) {
-      if (corrected.includes(wrong)) {
-        corrected = corrected.replace(new RegExp(wrong.replace(/['"]/g, '[\'"]'), 'g'), `'${typePaths.features}'`);
-        corrections.push('Fixed type import path');
-      }
-    }
-  }
-
-  // 4. Remove external utils if configured (noExternalUtils: true)
-  if (ctx.noExternalUtils && corrected.includes('@/lib/utils')) {
-    const hadFormatCurrency = corrected.includes('formatCurrency');
-    const hadCn = corrected.includes(' cn(') || corrected.includes(' cn`');
-
-    // Remove the import
-    corrected = corrected.replace(/^import.*from ['"]@\/lib\/utils['"];?\s*\n?/gm, '');
-    corrections.push('Removed @/lib/utils import');
-
-    // Inline formatCurrency if it was used
-    if (hadFormatCurrency) {
-      const formatCurrencyFn = `\nconst formatCurrency = (amount: number) =>\n  new Intl.NumberFormat('en-US', { style: 'currency', currency: 'USD' }).format(amount);\n`;
-      // Insert after imports
-      const lastImportMatch = corrected.match(/^import[^;]+;?\s*\n/gm);
-      if (lastImportMatch) {
-        const lastImport = lastImportMatch[lastImportMatch.length - 1];
-        const insertPos = corrected.lastIndexOf(lastImport) + lastImport.length;
-        corrected = corrected.slice(0, insertPos) + formatCurrencyFn + corrected.slice(insertPos);
-      }
-      corrections.push('Inlined formatCurrency');
-    }
+  // Lazy-load the helpers — avoids module-load-order issues with the
+  // legacy CLI bootstrap at the bottom of this file.
+  const c = require('./flow-orchestrate-corrections');
 
-    // Remove cn() usage - just use template literals or className directly
-    if (hadCn) {
-      corrected = corrected.replace(/cn\((['"`][^'"`]+['"`])\)/g, '$1');
-      corrections.push('Removed cn() wrapper');
-    }
-  }
-
-  // 5. Fix double-quoted imports to single quotes (style consistency)
-  const singleQuoteCount = (corrected.match(/from '/g) || []).length;
-  const doubleQuoteCount = (corrected.match(/from "/g) || []).length;
-  if (singleQuoteCount > doubleQuoteCount && doubleQuoteCount > 0) {
-    corrected = corrected.replace(/from "([^"]+)"/g, "from '$1'");
-    corrections.push('Normalized import quotes to single quotes');
+  let corrected = code;
+  for (const step of [
+    () => c.fixForbiddenImports(corrected, ctx.doNotImport),
+    () => c.fixComponentPaths(corrected, ctx.componentPaths),
+    () => c.fixFeatureTypePaths(corrected, filePath, ctx.typePaths),
+    () => c.fixNoExternalUtils(corrected, ctx),
+    () => c.normalizeQuotes(corrected),
+    () => c.cleanupEmptyImports(corrected),
+    () => c.collapseBlankLines(corrected)
+  ]) {
+    const r = step();
+    corrected = r.corrected;
+    if (r.corrections.length) corrections.push(...r.corrections);
   }
 
-  // 6. Remove empty import statements (artifact of removing imports)
-  corrected = corrected.replace(/^import\s*\{\s*\}\s*from\s*['"][^'"]+['"];?\s*\n?/gm, '');
-
-  // 7. Fix multiple consecutive blank lines (cleanup)
-  corrected = corrected.replace(/\n{3,}/g, '\n\n');
-
-  // Log corrections if any
   if (corrections.length > 0 && typeof log === 'function') {
     log('dim', `   🔧 Auto-corrected: ${corrections.join(', ')}`);
   }

package/scripts/flow-prompt-composer.js

@@ -16,6 +16,7 @@
 
 const fs = require('node:fs');
 const path = require('node:path');
+const { DANGEROUS_KEYS } = require('./flow-io');
 const {
   PROJECT_ROOT,
   parseFlags,
@@ -341,7 +342,7 @@ function applyTemplate(template, data) {
   }
 
   // Forbidden keys to prevent prototype pollution (case-insensitive)
-  const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
+  // Consolidated to flow-io canonical (audit dup-002 / wf-9fc4970b).
 
   // Simple substitution: {{key}} or {{object.key}}
   return template.replace(/\{\{([^}]+)\}\}/g, (match, path) => {
@@ -351,7 +352,7 @@ function applyTemplate(template, data) {
     for (const key of keys) {
       // Prevent prototype pollution attacks (case-insensitive check)
       const keyLower = key.toLowerCase();
-      if (FORBIDDEN_KEYS.has(keyLower)) return match;
+      if (DANGEROUS_KEYS.has(keyLower)) return match;
       if (value === undefined || value === null) return match;
       // Only access own properties
       if (!Object.hasOwn(value, key)) return match;

package/scripts/flow-prompt-template.js

@@ -38,8 +38,9 @@ const MODEL_TEMPLATE_MAP = {
   'gemini-2-flash': 'gemini-flash.yaml'
 };
 
-// Blocked keys for security (prototype pollution prevention)
-const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
+// Blocked keys for security (prototype pollution prevention).
+// Consolidated to flow-io canonical (audit dup-002 / wf-9fc4970b).
+const { DANGEROUS_KEYS: BLOCKED_KEYS } = require('./flow-io');
 
 // ============================================================
 // YAML Parser (lightweight, no dependency)

package/scripts/flow-worker-mcp-strip.js

@@ -0,0 +1,122 @@
+#!/usr/bin/env node
+
+/**
+ * Wogi Flow — Worker MCP Strip Helper
+ *
+ * Generates a channel-only MCP config for worker boot. This is the proper
+ * fix for the audit-channel-transport-001 regression: Story A originally
+ * wrote `{"mcpServers":{}}` (fully empty) for boot speed, which silently
+ * stripped the `wogi-workspace-channel` MCP server — leaving manager-side
+ * `workspace_send_message` HTTP-POSTs unable to reach the worker.
+ *
+ * This script reads the worker member-repo's real `.mcp.json`, extracts
+ * ONLY the `wogi-workspace-channel` entry, and writes a channel-only
+ * config to a destination path. Result:
+ *   - claude.ai MCP integrations remain stripped (Story A's boot-speed win)
+ *   - The workspace transport remains active (manager dispatch works)
+ *
+ * Fallback: if the source `.mcp.json` doesn't define
+ * `wogi-workspace-channel` (e.g. the worker isn't a workspace member),
+ * the destination is written with `{"mcpServers":{}}` — harmless in
+ * non-workspace contexts.
+ *
+ * Usage:
+ *   node flow-worker-mcp-strip.js <source-mcp.json> <dest-mcp.json>
+ *
+ * Programmatic:
+ *   const { extractChannelOnlyConfig, writeChannelOnlyConfig } =
+ *     require('./flow-worker-mcp-strip');
+ *   const cfg = extractChannelOnlyConfig(srcPath);
+ *   writeChannelOnlyConfig(destPath, cfg);
+ *
+ * Exit codes:
+ *   0 — success (channel-only or empty config written)
+ *   1 — write failure (caller should fall back to no-strip)
+ */
+
+'use strict';
+
+const fs = require('node:fs');
+const path = require('node:path');
+
+const CHANNEL_SERVER_NAME = 'wogi-workspace-channel';
+
+/**
+ * Read the source `.mcp.json` and return the channel-only config object.
+ * Never throws; returns the empty-config fallback on any failure.
+ */
+function extractChannelOnlyConfig(sourcePath) {
+  const empty = { mcpServers: {} };
+  if (!sourcePath || typeof sourcePath !== 'string') return empty;
+  try {
+    if (!fs.existsSync(sourcePath)) return empty;
+    const raw = fs.readFileSync(sourcePath, 'utf-8');
+    const parsed = JSON.parse(raw);
+    if (!parsed || typeof parsed !== 'object' || !parsed.mcpServers) return empty;
+    const entry = parsed.mcpServers[CHANNEL_SERVER_NAME];
+    if (!entry || typeof entry !== 'object') return empty;
+    return { mcpServers: { [CHANNEL_SERVER_NAME]: entry } };
+  } catch (_err) {
+    return empty;
+  }
+}
+
+/**
+ * Atomically write the channel-only config to destPath. Returns true on
+ * success, false on failure (caller should fall back).
+ */
+function writeChannelOnlyConfig(destPath, config) {
+  if (!destPath || typeof destPath !== 'string') return false;
+  try {
+    fs.mkdirSync(path.dirname(destPath), { recursive: true });
+    const tmp = `${destPath}.tmp.${process.pid}.${Math.random().toString(36).slice(2, 8)}`;
+    fs.writeFileSync(tmp, JSON.stringify(config, null, 2) + '\n');
+    fs.renameSync(tmp, destPath);
+    return true;
+  } catch (_err) {
+    return false;
+  }
+}
+
+/**
+ * Whether the resulting config preserves the channel transport (i.e. the
+ * worker will be reachable from the manager). Useful for callers that want
+ * to log a warning if dispatch will silently fail.
+ */
+function preservesChannelTransport(config) {
+  return Boolean(
+    config &&
+    config.mcpServers &&
+    config.mcpServers[CHANNEL_SERVER_NAME] &&
+    typeof config.mcpServers[CHANNEL_SERVER_NAME] === 'object'
+  );
+}
+
+module.exports = {
+  CHANNEL_SERVER_NAME,
+  extractChannelOnlyConfig,
+  writeChannelOnlyConfig,
+  preservesChannelTransport
+};
+
+if (require.main === module) {
+  const [src, dest] = process.argv.slice(2);
+  if (!src || !dest) {
+    process.stderr.write('Usage: flow-worker-mcp-strip <source-mcp.json> <dest-mcp.json>\n');
+    process.exit(1);
+  }
+  const cfg = extractChannelOnlyConfig(src);
+  const ok = writeChannelOnlyConfig(dest, cfg);
+  if (!ok) {
+    process.stderr.write(`[flow-worker-mcp-strip] failed to write ${dest}\n`);
+    process.exit(1);
+  }
+  if (!preservesChannelTransport(cfg)) {
+    process.stderr.write(
+      `[flow-worker-mcp-strip] WARNING: ${src} did not define ${CHANNEL_SERVER_NAME} — ` +
+      `worker will boot but manager dispatch will fail. ` +
+      `Run "flow workspace init" in the workspace root to regenerate .mcp.json.\n`
+    );
+  }
+  process.exit(0);
+}