wogiflow 2.29.2 → 2.29.3

package/scripts/hooks/core/worker-boundary-gate.js

@@ -120,6 +120,49 @@ function isWorkspaceWorker() {
  * @param {Object} toolInput - { file_path } for Edit/Write
  * @returns {{ blocked: boolean, reason?: string, message?: string }}
  */
+// SEC-002 fix (2026-04-26): manager-side path discipline now derives member
+// state dirs from the actual workspace registry, not a hardcoded /members?/
+// regex. Workspaces with flat-sibling layouts (member dirs directly under
+// workspace root, no /members/ prefix) are now correctly enforced.
+//
+// Discovery is cached per-process for the WOGI_WORKSPACE_ROOT lifetime —
+// PreToolUse fires often, fs.readdir on every call would add latency.
+let _memberDirsCache = null;
+let _memberDirsCacheRoot = null;
+
+function discoverMemberStateDirs(root) {
+  if (_memberDirsCache && _memberDirsCacheRoot === root) return _memberDirsCache;
+  const fs = require('node:fs');
+  const path = require('node:path');
+  const out = [];
+  try {
+    const entries = fs.readdirSync(root, { withFileTypes: true });
+    for (const entry of entries) {
+      if (!entry.isDirectory()) continue;
+      // Skip hidden dirs (.workspace, .git) and node_modules (mirrors
+      // discoverMembers() in lib/workspace.js).
+      if (entry.name.startsWith('.') || entry.name === 'node_modules') continue;
+      const stateDir = path.join(root, entry.name, '.workflow', 'state');
+      // Only include paths that actually have a .workflow/state/ subtree —
+      // these are the member repos. Other directories (e.g. shared/, docs/,
+      // dist/) are not workspace members.
+      try {
+        if (fs.existsSync(stateDir) && fs.statSync(stateDir).isDirectory()) {
+          out.push(stateDir + path.sep);
+        }
+      } catch (_e) { /* skip unreadable */ }
+    }
+  } catch (_err) { /* unreadable workspace root → empty list */ }
+  _memberDirsCache = out;
+  _memberDirsCacheRoot = root;
+  return out;
+}
+
+function _resetPathDisciplineCache() {
+  _memberDirsCache = null;
+  _memberDirsCacheRoot = null;
+}
+
 function checkPathDiscipline(toolName, toolInput) {
   if (!process.env.WOGI_WORKSPACE_ROOT) return { blocked: false };
   const writeTools = new Set(['Edit', 'Write', 'NotebookEdit']);
@@ -128,9 +171,8 @@ function checkPathDiscipline(toolName, toolInput) {
   if (typeof filePath !== 'string' || !filePath) return { blocked: false };
 
   const repo = process.env.WOGI_REPO_NAME || '';
-  const root = process.env.WOGI_WORKSPACE_ROOT;
-  const managerStateDir = `${root.replace(/\/+$/, '')}/.workspace/`;
-  const memberStateDirRegex = /\/members?\/[^/]+\/\.workflow\/state\//;
+  const root = process.env.WOGI_WORKSPACE_ROOT.replace(/\/+$/, '');
+  const managerStateDir = `${root}/.workspace/`;
 
   if (repo && repo !== 'manager') {
     if (filePath.startsWith(managerStateDir)) {
@@ -151,19 +193,27 @@ function checkPathDiscipline(toolName, toolInput) {
     }
   }
 
-  if (repo === 'manager' && memberStateDirRegex.test(filePath)) {
-    return {
-      blocked: true,
-      reason: 'path-discipline-manager',
-      message: [
-        `PATH DISCIPLINE: manager MUST NOT write to worker member-repo state.`,
-        ``,
-        `Blocked: ${filePath}`,
-        ``,
-        `Worker member-repos own their own .workflow/state/. Send a channel`,
-        `dispatch to the worker if state changes are needed there.`
-      ].join('\n')
-    };
+  if (repo === 'manager') {
+    // Match against EVERY discovered member's .workflow/state/ path —
+    // layout-independent. (SEC-002 fix; was hardcoded /members?/ regex)
+    const memberStateDirs = discoverMemberStateDirs(root);
+    for (const memberStateDir of memberStateDirs) {
+      if (filePath.startsWith(memberStateDir)) {
+        return {
+          blocked: true,
+          reason: 'path-discipline-manager',
+          message: [
+            `PATH DISCIPLINE: manager MUST NOT write to worker member-repo state.`,
+            ``,
+            `Blocked: ${filePath}`,
+            `Member: ${memberStateDir}`,
+            ``,
+            `Worker member-repos own their own .workflow/state/. Send a channel`,
+            `dispatch to the worker if state changes are needed there.`
+          ].join('\n')
+        };
+      }
+    }
   }
 
   return { blocked: false };
@@ -172,5 +222,6 @@ function checkPathDiscipline(toolName, toolInput) {
 module.exports = {
   checkWorkerBoundary,
   checkPathDiscipline,
+  _resetPathDisciplineCache,
   isWorkspaceWorker
 };

package/scripts/hooks/entry/claude-code/pre-tool-use.js

@@ -3,116 +3,38 @@
 /**
  * Wogi Flow - Claude Code PreToolUse Hook (Entry)
  *
- * Thin CLI-specific entry point. Parses input, wires dependencies, and calls
- * the shared pre-tool-orchestrator (see scripts/hooks/core/pre-tool-orchestrator.js).
+ * Thin CLI-specific entry point. Parses input, wires dependencies, and
+ * dispatches to the shared pre-tool-orchestrator.
  *
- * Extraction history (wf-94cc3b72 / TD-002): this file previously contained
- * the full 470-line gate cascade inline. The cascade now lives in the core
- * orchestrator so it can be unit-tested and reused by non-Claude-Code CLIs.
- *
- * v4.0: Added scope gating
- * v6.0: Added routing gate
- * v7.0: Orchestrator extraction (this file → ~70 LOC wiring layer)
+ * Extraction history:
+ *   v7.0  — Original 470-LOC inline gate cascade extracted to
+ *           scripts/hooks/core/pre-tool-orchestrator.js.
+ *   v8.0  — Audit Story 9 (wf-5e94e2c0, 2026-04-26): the lazy-loader
+ *           try/catch boilerplate (12 gate modules) extracted to
+ *           scripts/hooks/core/pre-tool-deps.js. Entry brought below the
+ *           ≤120 LOC three-layer rule.
  */
 
 'use strict';
 
-const { checkScopeGate } = require('../../core/scope-gate');
-const { checkComponentReuse } = require('../../core/component-check');
-const { checkTodoWriteGate } = require('../../core/todowrite-gate');
-const { checkRoutingGate, clearRoutingPending, hasActiveTask } = require('../../core/routing-gate');
-const { checkPhaseGate } = require('../../core/phase-gate');
-const { checkCommitLogGate } = require('../../core/commit-log-gate');
 const { runPreToolGates } = require('../../core/pre-tool-orchestrator');
-
-// Defensive lazy-loaders for gates that may be absent in older installs.
-// Fail-open (no-op shims) instead of crashing the entire PreToolUse hook.
-let recordPhaseRead = () => {}, checkPhaseReadGate = () => ({ blocked: false }), clearPhaseReads = () => {};
-try {
-  const prg = require('../../core/phase-read-gate');
-  recordPhaseRead = prg.recordPhaseRead;
-  checkPhaseReadGate = prg.checkPhaseReadGate;
-  clearPhaseReads = prg.clearPhaseReads;
-} catch (_err) { if (process.env.DEBUG) console.error(`[Hook] Phase-read gate not loaded: ${_err.message}`); }
-
-let recordEvidenceRead = () => {}, checkSpecWriteGate = () => ({ blocked: false }), clearResearchEvidence = () => {};
-try {
-  const reg = require('../../core/research-evidence-gate');
-  recordEvidenceRead = reg.recordEvidenceRead;
-  checkSpecWriteGate = reg.checkSpecWriteGate;
-  clearResearchEvidence = reg.clearResearchEvidence;
-} catch (err) {
-  // CL-004: load failure for a gate file that SHOULD be present is a
-  // deployment issue worth surfacing even without DEBUG set. Silently
-  // shimming masks broken installs. Preserve fail-open (shims above)
-  // so the hook pipeline still works, but log to stderr so operators see it.
-  console.error(`[Hook] WARNING: Research-evidence gate failed to load — gate is disabled. ${err.message}`);
-}
-
-const _noop = () => ({ allowed: true, blocked: false });
-let checkDeployGate = _noop, checkWriteBlock = _noop;
-try { const dg = require('../../core/deploy-gate'); checkDeployGate = dg.checkDeployGate; checkWriteBlock = dg.checkWriteBlock; } catch (_err) { if (process.env.DEBUG) console.error(`[Hook] Deploy gate not loaded: ${_err.message}`); }
-let checkStrikeGate = _noop;
-try { checkStrikeGate = require('../../core/strike-gate').checkStrikeGate; } catch (_err) { if (process.env.DEBUG) console.error(`[Hook] Strike gate not loaded: ${_err.message}`); }
-let checkBugfixScope = _noop;
-try { checkBugfixScope = require('../../core/bugfix-scope-gate').checkBugfixScope; } catch (_err) { if (process.env.DEBUG) console.error(`[Hook] Bugfix scope gate not loaded: ${_err.message}`); }
-let checkScopeMutation = _noop;
-try { checkScopeMutation = require('../../core/scope-mutation-gate').checkScopeMutation; } catch (_err) { if (process.env.DEBUG) console.error(`[Hook] Scope mutation gate not loaded: ${_err.message}`); }
-let checkGitSafety = _noop;
-try { checkGitSafety = require('../../core/git-safety-gate').checkGitSafety; } catch (_err) { if (process.env.DEBUG) console.error(`[Hook] Git safety gate not loaded: ${_err.message}`); }
-let checkManagerBoundary = _noop;
-try { checkManagerBoundary = require('../../core/manager-boundary-gate').checkManagerBoundary; } catch (_err) { if (process.env.DEBUG) console.error(`[Hook] Manager boundary gate not loaded: ${_err.message}`); }
-let checkWorkerBoundary = _noop;
-let checkPathDiscipline = _noop;
-try {
-  const wbg = require('../../core/worker-boundary-gate');
-  checkWorkerBoundary = wbg.checkWorkerBoundary;
-  checkPathDiscipline = wbg.checkPathDiscipline;
-} catch (_err) { if (process.env.DEBUG) console.error(`[Hook] Worker boundary gate not loaded: ${_err.message}`); }
-
+const { loadGateDeps } = require('../../core/pre-tool-deps');
 const { claudeCodeAdapter } = require('../../adapters/claude-code');
-const { markSkillPending } = require('../../../flow-durable-session');
-const { getConfig } = require('../../../flow-utils');
-const { readHookStatus } = require('../../../flow-hook-status');
 const { runHook } = require('../shared/hook-runner');
 
-// Lazy-load strict adherence (avoids circular deps + startup cost).
-let _strictAdherence = null;
-function getStrictAdherence() {
-  if (!_strictAdherence) {
-    try {
-      _strictAdherence = require('../../../flow-strict-adherence');
-    } catch (_err) {
-      _strictAdherence = { isEnabled: () => false, validateCommand: () => ({ valid: true }), validateFileName: () => ({ valid: true }) };
-    }
-  }
-  return _strictAdherence;
-}
-
 runHook('PreToolUse', async ({ input, parsedInput }) => {
   const hookStart = process.hrtime.bigint();
 
   // Empty input — allow through
   if (!input || Object.keys(input).length === 0) {
-    return { __raw: true, continue: true, hookSpecificOutput: { hookEventName: 'PreToolUse', permissionDecision: 'allow' } };
+    return {
+      __raw: true,
+      continue: true,
+      hookSpecificOutput: { hookEventName: 'PreToolUse', permissionDecision: 'allow' }
+    };
   }
 
-  const deps = {
-    // Gates
-    checkScopeGate, checkComponentReuse, checkTodoWriteGate,
-    checkRoutingGate, clearRoutingPending, hasActiveTask,
-    checkPhaseGate, checkCommitLogGate,
-    recordPhaseRead, checkPhaseReadGate, clearPhaseReads,
-    recordEvidenceRead, checkSpecWriteGate, clearResearchEvidence,
-    checkDeployGate, checkWriteBlock,
-    checkStrikeGate, checkBugfixScope, checkScopeMutation,
-    checkGitSafety, checkManagerBoundary, checkWorkerBoundary, checkPathDiscipline,
-    // Side-effect helpers
-    markSkillPending,
-    // Config + runtime
-    getConfig, readHookStatus, getStrictAdherence,
-  };
-
+  const deps = loadGateDeps();
   const coreResult = runPreToolGates({ input, parsedInput }, deps);
 
   // Fast path (no transform needed — short-circuit to allow)
@@ -121,7 +43,11 @@ runHook('PreToolUse', async ({ input, parsedInput }) => {
       const elapsed = Number(process.hrtime.bigint() - hookStart) / 1e6;
       console.error(`[Hook] PreToolUse fast-path: ${elapsed.toFixed(1)}ms`);
     }
-    return { __raw: true, continue: true, hookSpecificOutput: { hookEventName: 'PreToolUse', permissionDecision: 'allow' } };
+    return {
+      __raw: true,
+      continue: true,
+      hookSpecificOutput: { hookEventName: 'PreToolUse', permissionDecision: 'allow' }
+    };
   }
 
   if (coreResult.blocked) {

package/scripts/hooks/entry/claude-code/user-prompt-submit.js

@@ -14,6 +14,11 @@ const { setRoutingPending, clearRoutingPending, ROUTING_CLEARED_PATH } = require
 const { getPhaseContextPrompt } = require('../../core/phase-gate');
 const { buildOverdueContext } = require('../../core/overdue-dispatches');
 const { getDossierInjection } = require('../../core/feature-dossier-gate');
+const {
+  shouldForceExtractReview,
+  buildEnforcementMessage,
+  markLongInputPending
+} = require('../../core/long-input-enforcement');
 const { markSkillPending, loadDurableSession } = require('../../../flow-durable-session');
 const { captureCurrentPrompt } = require('../../../flow-prompt-capture');
 const { spawnBackgroundDetection } = require('../../../flow-correction-detector');
@@ -207,6 +212,34 @@ runHook('UserPromptSubmit', async ({ input, parsedInput }) => {
     }
   }
 
+  // P11.5 mechanical enforcement (2026-04-27): long-form prompts without
+  // source-link are forced through /wogi-extract-review. This is the
+  // mechanical layer that complements the methodology rule. Applies in
+  // worker mode (channel-dispatch with no source-link — wogi-hub failure
+  // shape) AND in any session that receives a long task-creating prompt
+  // without preserved source.
+  try {
+    const enforce = shouldForceExtractReview({ text: prompt, source });
+    if (enforce.forced) {
+      const msg = buildEnforcementMessage(enforce.reason, enforce.level);
+      coreResult = {
+        ...coreResult,
+        longInputEnforcement: msg
+      };
+      markLongInputPending({
+        level: enforce.level,
+        reason: enforce.reason,
+        promptPreview: typeof prompt === 'string' ? prompt.slice(0, 200) : '(non-string)',
+        source: source || null,
+        repoName: process.env.WOGI_REPO_NAME || null
+      });
+    }
+  } catch (err) {
+    if (process.env.DEBUG) {
+      console.error(`[Hook] Long-input enforcement check failed: ${err.message}`);
+    }
+  }
+
   return coreResult;
 }, {
   failMode: 'block',