wogiflow 2.29.8 → 2.30.0

package/.claude/commands/wogi-decide.md

@@ -105,6 +105,34 @@ Options:
 
 Use `AskUserQuestion` to present these options.
 
+### Step 2.5: Mechanical-Enforcement Check (wf-037f8d66)
+
+**Rules without mechanical enforcement are vibes.** Before writing any new rule, classify how it will be enforced:
+
+| Enforcement type | Examples | Reliability |
+|---|---|---|
+| **Mechanical gate** (PreToolUse/Stop hook, type system, lint rule, standards-checker pattern) | deferral-gate, research-evidence-gate, phase-read-gate, hook-three-layer LOC check, forbidden-patterns | High — agent cannot skip |
+| **Test assertion** (unit/integration test that fails on violation) | architectural test asserting no hardcoded paths | High — fails CI |
+| **Schema constraint** (config schema, JSON schema, Go type) | required fields, enum values | High — fails parse/compile |
+| **Vibes-only** (rule text in CLAUDE.md, decisions.md, or rule file with no mechanical check) | "use kebab-case", "prefer composition over inheritance", "always X / never Y" | **Low — agent skips it** |
+
+**The rule must declare its enforcement type.** If "vibes-only," call it out explicitly:
+
+> ⚠ This rule has no mechanical gate. It will be inconsistently enforced. To make it stick, propose one of:
+> - A standards-checker pattern in `.workflow/state/forbidden-patterns.json`
+> - A new gate in `scripts/hooks/core/`
+> - A unit test in `tests/`
+> - A type-system constraint
+>
+> Without one of those, expect the same class of violation to recur.
+
+**Anti-rationalization**:
+- "I'll just trust the AI to follow it" → WRONG. The reason this rule exists is the AI didn't follow it last time.
+- "It's documented in CLAUDE.md" → Documentation ≠ enforcement. Both can coexist.
+- "We can add the gate later" → "Later" is "never" for vibes-rules. Either commit to a gate now, or accept inconsistent enforcement.
+
+If user accepts vibes-only, proceed with the rule but tag it `enforcementType: "vibes-only"` in decisions.md so future audits surface it.
+
 ### Step 3: Assess Clarity
 
 Evaluate if the rule needs clarification. **Skip questions if the rule is already clear and specific.**

package/.claude/commands/wogi-learn.md

@@ -174,6 +174,7 @@ Given a pattern to promote:
    - Correction examples → Verification criteria
 
 3. **Delegate duplicate checking to `/wogi-decide --from-pattern`** which handles duplicate detection and the full rule-writing flow. This ensures a single source of truth for all rule-creation logic.
+   - **Note (wf-037f8d66)**: `/wogi-decide` Step 2.5 will require declaring the rule's enforcement type (mechanical gate / test / schema constraint / vibes-only). Patterns being promoted to rules MUST answer "what's the gate?" — if no mechanical enforcement exists, the rule is vibes-only and will not reliably enforce. The fact that this pattern recurred enough to be promoted is itself evidence that vibes-only didn't work.
 
 4. **Ask user for any additions:**
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wogiflow",
-  "version": "2.29.8",
+  "version": "2.30.0",
   "description": "AI-powered development workflow management system with multi-model support",
   "main": "lib/index.js",
   "bin": {
@@ -10,7 +10,7 @@
   },
   "scripts": {
     "flow": "./scripts/flow",
-    "test": "NODE_ENV=test node --test tests/auto-compact-prompt.test.js tests/flow-paths.test.js tests/flow-io.test.js tests/flow-audit-gates.test.js tests/flow-standards-hook-three-layer.test.js tests/flow-config-loader.test.js tests/flow-damage-control.test.js tests/flow-output.test.js tests/flow-constants.test.js tests/flow-session-state.test.js tests/flow-hooks-integration.test.js tests/flow-utils.test.js tests/flow-security.test.js tests/flow-memory-db.test.js tests/flow-durable-session.test.js tests/flow-skill-matcher.test.js tests/flow-bridge.test.js tests/flow-proactive-compact.test.js tests/flow-cascade-completion.test.js tests/flow-capture-gate.test.js tests/flow-correction-detector-hybrid.test.js tests/flow-promote.test.js tests/flow-archive-runs.test.js tests/flow-memory.test.js tests/flow-hooks-pre-tool-helpers.test.js tests/flow-hooks-bugfix-scope-gate.test.js tests/flow-hooks-routing-gate.test.js tests/flow-hooks-phase-read-gate.test.js tests/flow-hooks-commit-log-gate.test.js tests/flow-hooks-deploy-gate.test.js tests/flow-hooks-todowrite-gate.test.js tests/flow-hooks-git-safety-gate.test.js tests/flow-hooks-scope-mutation-gate.test.js tests/flow-hooks-strike-gate.test.js tests/flow-hooks-component-check.test.js tests/flow-hooks-scope-gate.test.js tests/flow-hooks-implementation-gate.test.js tests/flow-hooks-research-gate.test.js tests/flow-hooks-loop-check.test.js tests/flow-hooks-manager-boundary-gate.test.js tests/flow-hooks-phase-gate.test.js tests/flow-hooks-pre-tool-orchestrator.test.js tests/flow-hooks-observation-capture.test.js tests/flow-hooks-task-gate.test.js tests/flow-durable-session-suspension.test.js tests/flow-health-mcp-scopes.test.js tests/flow-lean-config.test.js tests/flow-workspace-autopickup.test.js tests/flow-worker-boundary-gate.test.js tests/flow-worker-question-classifier.test.js tests/flow-completion-truth-gate-contradictions.test.js tests/flow-structure-sensor.test.js tests/flow-workspace-dispatch-tracking.test.js tests/workspace-ipc-sqlite.test.js tests/workspace-ipc-multi-worker.test.js tests/flow-story-gates.test.js tests/flow-workspace-restart-handoff.test.js tests/flow-wogi-claude-wrapper.test.js tests/flow-wave1-integrations.test.js tests/flow-wave2-integrations.test.js tests/flow-wave3-integrations.test.js tests/flow-commit-claims-gate.test.js tests/auto-review.test.js tests/gate-telemetry-surface.test.js tests/agents-md-alias.test.js tests/flow-skill-manage.test.js tests/fuzzy-patch.test.js tests/mode-schema.test.js tests/flow-feature-dossier.test.js tests/flow-autonomous-mode.test.js tests/flow-epic-cascade.test.js tests/flow-workspace-summary.test.js tests/flow-hooks-research-evidence-gate.test.js tests/flow-worker-mcp-strip.test.js tests/flow-orchestrate-corrections.test.js tests/flow-source-fidelity.test.js tests/flow-hooks-long-input-enforcement.test.js tests/workspace-channel-tracking.test.js tests/flow-hooks-deletion-log.test.js tests/flow-task-boundary-reset.test.js tests/flow-deferral-gate.test.js tests/flow-research-required-gate.test.js && NODE_ENV=test node tests/run-quality-gates.test.js",
+    "test": "NODE_ENV=test node --test tests/auto-compact-prompt.test.js tests/flow-paths.test.js tests/flow-io.test.js tests/flow-audit-gates.test.js tests/flow-standards-hook-three-layer.test.js tests/flow-correction-detector-reconcile.test.js tests/flow-correction-backfill.test.js tests/flow-audit-gates-feature-output-health.test.js tests/flow-config-loader.test.js tests/flow-damage-control.test.js tests/flow-output.test.js tests/flow-constants.test.js tests/flow-session-state.test.js tests/flow-hooks-integration.test.js tests/flow-utils.test.js tests/flow-security.test.js tests/flow-memory-db.test.js tests/flow-durable-session.test.js tests/flow-skill-matcher.test.js tests/flow-bridge.test.js tests/flow-proactive-compact.test.js tests/flow-cascade-completion.test.js tests/flow-capture-gate.test.js tests/flow-correction-detector-hybrid.test.js tests/flow-promote.test.js tests/flow-archive-runs.test.js tests/flow-memory.test.js tests/flow-hooks-pre-tool-helpers.test.js tests/flow-hooks-bugfix-scope-gate.test.js tests/flow-hooks-routing-gate.test.js tests/flow-hooks-phase-read-gate.test.js tests/flow-hooks-commit-log-gate.test.js tests/flow-hooks-deploy-gate.test.js tests/flow-hooks-todowrite-gate.test.js tests/flow-hooks-git-safety-gate.test.js tests/flow-hooks-scope-mutation-gate.test.js tests/flow-hooks-strike-gate.test.js tests/flow-hooks-component-check.test.js tests/flow-hooks-scope-gate.test.js tests/flow-hooks-implementation-gate.test.js tests/flow-hooks-research-gate.test.js tests/flow-hooks-loop-check.test.js tests/flow-hooks-manager-boundary-gate.test.js tests/flow-hooks-phase-gate.test.js tests/flow-hooks-pre-tool-orchestrator.test.js tests/flow-hooks-observation-capture.test.js tests/flow-hooks-task-gate.test.js tests/flow-durable-session-suspension.test.js tests/flow-health-mcp-scopes.test.js tests/flow-lean-config.test.js tests/flow-workspace-autopickup.test.js tests/flow-worker-boundary-gate.test.js tests/flow-worker-question-classifier.test.js tests/flow-completion-truth-gate-contradictions.test.js tests/flow-structure-sensor.test.js tests/flow-workspace-dispatch-tracking.test.js tests/workspace-ipc-sqlite.test.js tests/workspace-ipc-multi-worker.test.js tests/flow-story-gates.test.js tests/flow-workspace-restart-handoff.test.js tests/flow-wogi-claude-wrapper.test.js tests/flow-wave1-integrations.test.js tests/flow-wave2-integrations.test.js tests/flow-wave3-integrations.test.js tests/flow-commit-claims-gate.test.js tests/auto-review.test.js tests/gate-telemetry-surface.test.js tests/agents-md-alias.test.js tests/flow-skill-manage.test.js tests/fuzzy-patch.test.js tests/mode-schema.test.js tests/flow-feature-dossier.test.js tests/flow-autonomous-mode.test.js tests/flow-epic-cascade.test.js tests/flow-workspace-summary.test.js tests/flow-hooks-research-evidence-gate.test.js tests/flow-worker-mcp-strip.test.js tests/flow-orchestrate-corrections.test.js tests/flow-source-fidelity.test.js tests/flow-hooks-long-input-enforcement.test.js tests/workspace-channel-tracking.test.js tests/flow-hooks-deletion-log.test.js tests/flow-task-boundary-reset.test.js tests/flow-deferral-gate.test.js tests/flow-research-required-gate.test.js tests/flow-standards-forbidden-patterns.test.js tests/flow-hooks-architect-required-gate.test.js && NODE_ENV=test node tests/run-quality-gates.test.js",
     "test:syntax": "find scripts/ lib/ -name '*.js' -not -path '*/node_modules/*' -exec node --check {} +",
     "lint": "eslint scripts/ lib/ tests/",
     "lint:ci": "eslint scripts/ lib/ tests/ --max-warnings 0",

package/scripts/flow-architect-pass.js

@@ -479,6 +479,20 @@ function recordTelemetry({ taskId, parseResult, gateResult, runCtx = {} }) {
       sessionId: runCtx.sessionId ?? null,
     },
   });
+
+  // wf-037f8d66: Write Architect-run marker for the architect-required PreToolUse gate.
+  // Marker proves Architect ran for this task — gate consults it before allowing
+  // Edit/Write/Bash in coding phase for L1+ tasks. Fail-open on any error.
+  if (taskId && (telemetryVerdict === 'PASS' || telemetryVerdict === 'PASS_WITH_NOTES')) {
+    try {
+      const archGate = require('./hooks/core/architect-required-gate');
+      archGate.writeArchitectRunMarker({
+        taskId,
+        model: runCtx.model || null,
+        plan: parseResult?.plan ? { sections: sectionsPresent } : null,
+      });
+    } catch (_err) { /* fail-open */ }
+  }
 }
 
 // ============================================================

package/scripts/flow-audit-gates.js

@@ -34,6 +34,7 @@ const fs = require('node:fs');
 const path = require('node:path');
 
 const { PATHS, safeJsonParse } = require('./flow-utils');
+const { safeJsonParseString } = require('./flow-io');
 
 // ============================================================
 // Score Cap Thresholds
@@ -641,6 +642,114 @@ function compareTrend(currentResults, previousAudit) {
 // Main: Run All Gates
 // ============================================================
 
+/**
+ * Gate: Feature Output Health (wf-6c58953a)
+ *
+ * Inspects DATA produced by features, not just CODE that produces it.
+ * Catches "silent feature no-op" — feature runs without errors, persists
+ * data, but the persisted data has all-null structured fields. This class
+ * is invisible to traditional code review/lint/typecheck/tests.
+ *
+ * Discovered 2026-05-09 when wogiflow-cli investigation found the
+ * correction-extractor was capturing user frustration but writing null
+ * structured fields. The /wogi-audit ran B+ and missed it because every
+ * agent inspects code, not output.
+ *
+ * Rule registry — explicit per-file checks, NOT a generic walker (per
+ * challenge round: blanket "all-null is bug" is false-positive city).
+ *
+ * @param {string} [projectRoot=PATHS.root] — project to inspect (default: current)
+ * @returns {Object} gate result with severity + findings
+ */
+function checkFeatureOutputHealth(projectRoot = PATHS.root) {
+  const findings = [];
+  const stateDir = path.join(projectRoot, '.workflow', 'state');
+  const corrDir = path.join(projectRoot, '.workflow', 'corrections');
+
+  // ---- Rule 1: pending-corrections.json null-fields ratio ----
+  // Note: pending-corrections.json is a top-level ARRAY, so safeJsonParse
+  // (which rejects arrays) won't work. Use file-read + safeJsonParseString.
+  const pcPath = path.join(stateDir, 'pending-corrections.json');
+  if (fs.existsSync(pcPath)) {
+    let records = [];
+    try {
+      const content = fs.readFileSync(pcPath, 'utf-8');
+      records = safeJsonParseString(content, []);
+    } catch (_err) { /* fail-open */ }
+    const arr = Array.isArray(records) ? records : [];
+    if (arr.length > 0) {
+      const nullCount = arr.filter(r =>
+        r && typeof r === 'object' &&
+        (r.whatWasWrong == null) &&
+        (r.whatUserWants == null)
+      ).length;
+      const ratio = nullCount / arr.length;
+      if (ratio >= 0.5) {
+        findings.push({
+          rule: 'pending-corrections-null-fields',
+          severity: ratio === 1 ? 'high' : 'medium',
+          message: `${nullCount}/${arr.length} (${Math.round(ratio * 100)}%) pending-corrections records have null structured fields. Likely correction-detector extraction failure. Run \`flow-correction-backfill\` or restore via Layer 2 enrichment.`,
+          evidence: `${path.relative(projectRoot, pcPath)}: ${arr.length} records analyzed; ${nullCount} fully null`
+        });
+      }
+    }
+  }
+
+  // ---- Rule 2: prompt-history × corrections cross-reference ----
+  // prompt-history.json is also typically a top-level array.
+  const phPath = path.join(stateDir, 'prompt-history.json');
+  if (fs.existsSync(phPath)) {
+    let ph = [];
+    try {
+      const content = fs.readFileSync(phPath, 'utf-8');
+      ph = safeJsonParseString(content, []);
+    } catch (_err) { /* fail-open */ }
+    const phArr = Array.isArray(ph) ? ph : (ph && Array.isArray(ph.prompts) ? ph.prompts : []);
+
+    // Frustration markers (regex per known-pattern set)
+    const frustrationRe = /\b(don'?t|stop|wait|actually|why did|why is|you keep|you always|fucking|seriously)\b/i;
+    let frustrationCount = 0;
+    for (const entry of phArr) {
+      if (!entry || typeof entry !== 'object') continue;
+      const text = entry.prompt || entry.text || entry.userMessage || '';
+      if (typeof text === 'string' && frustrationRe.test(text)) frustrationCount++;
+    }
+
+    let corrCount = 0;
+    if (fs.existsSync(corrDir)) {
+      try {
+        corrCount = fs.readdirSync(corrDir).filter(f => f.endsWith('.md')).length;
+      } catch (_err) { /* fail-open */ }
+    }
+
+    if (frustrationCount >= 3 && corrCount === 0) {
+      findings.push({
+        rule: 'prompt-history-vs-corrections-mismatch',
+        severity: 'high',
+        message: `prompt-history.json has ${frustrationCount} frustration markers but corrections/ is empty. Correction-extractor pipeline appears non-functional (captures input, fails to materialize records).`,
+        evidence: `prompt-history: ${frustrationCount} matches across ${phArr.length} entries; corrections/: ${corrCount} files`
+      });
+    }
+  }
+
+  // Determine overall gate severity
+  const hasHigh = findings.some(f => f.severity === 'high');
+  const hasMed = findings.some(f => f.severity === 'medium');
+  const severity = hasHigh ? 'high' : hasMed ? 'medium' : 'pass';
+
+  return {
+    gate: 'feature-output-health',
+    exists: true,
+    passed: findings.length === 0,
+    findings,
+    severity,
+    scoreCap: 100, // doesn't cap score directly; surfaces as audit findings
+    message: findings.length === 0
+      ? 'Feature output health: no issues detected'
+      : `Feature output health: ${findings.length} finding(s) — ${findings.map(f => f.rule).join(', ')}`
+  };
+}
+
 /**
  * Run all Gate 0 checks and return consolidated results.
  * @returns {Object} gate results with score cap
@@ -654,6 +763,7 @@ function runAllGates() {
   gates.push(checkLintConfigIntegrity());
   gates.push(checkTests());
   gates.push(checkScriptCompleteness());
+  gates.push(checkFeatureOutputHealth());
 
   const cap = calculateScoreCap(gates);
   const framework = detectFramework();
@@ -716,6 +826,14 @@ function main() {
       console.log(JSON.stringify(checkScriptCompleteness(), null, 2));
       break;
 
+    case 'feature-output-health': {
+      // Optional --project=<path> argument for cross-project audit
+      const projArg = process.argv.find(a => a.startsWith('--project='));
+      const projectRoot = projArg ? projArg.slice('--project='.length) : PATHS.root;
+      console.log(JSON.stringify(checkFeatureOutputHealth(projectRoot), null, 2));
+      break;
+    }
+
     case 'eslint-disable':
       console.log(JSON.stringify(countEslintDisables(), null, 2));
       break;
@@ -827,6 +945,7 @@ module.exports = {
   checkTests,
   parseTestErrorCount, // wf-e111d850: exposed for unit testing
   checkScriptCompleteness,
+  checkFeatureOutputHealth, // wf-6c58953a: feature output health gate
 
   // Extended checks
   countEslintDisables,

package/scripts/flow-correction-backfill.js

@@ -0,0 +1,148 @@
+#!/usr/bin/env node
+
+/**
+ * Wogi Flow — Pending-Corrections Backfill (wf-6c58953a)
+ *
+ * Backfills records in `.workflow/state/pending-corrections.json` that have
+ * null `whatWasWrong` / `whatUserWants` fields. The fix lands at code level
+ * (flow-correction-detector.js Layer 1+2 reconciliation), but historical
+ * records persisted before the fix already have null fields. This tool
+ * applies the same deterministic-fallback extraction retroactively.
+ *
+ * Strategy:
+ *   - Read pending-corrections.json
+ *   - For each record where userMessage is populated AND
+ *     (whatWasWrong is null OR whatUserWants is null)
+ *   - Apply deterministic extraction: whatWasWrong = first 200 chars of
+ *     userMessage; whatUserWants stays null (intent inference is an LLM job
+ *     — honest null > wrong guess; live extractor will populate going forward)
+ *   - Mark `enrichmentSource: "backfill-<date>"` so consumers can distinguish
+ *     backfilled from live extractions
+ *   - Atomic write: write-temp + rename
+ *
+ * Usage:
+ *   node scripts/flow-correction-backfill.js                        # current project
+ *   node scripts/flow-correction-backfill.js --project=<path>      # explicit project
+ *   node scripts/flow-correction-backfill.js --dry-run             # report only
+ */
+
+'use strict';
+
+const fs = require('node:fs');
+const path = require('node:path');
+
+const { PATHS } = require('./flow-utils');
+const { safeJsonParseString } = require('./flow-io');
+const { deterministicWhatWasWrong } = require('./flow-correction-detector');
+
+const BACKFILL_DATE = new Date().toISOString().slice(0, 10); // YYYY-MM-DD
+
+/**
+ * Backfill a single project's pending-corrections.json.
+ *
+ * @param {string} projectRoot — project directory containing .workflow/
+ * @param {Object} [opts]
+ * @param {boolean} [opts.dryRun=false] — if true, return what WOULD change without writing
+ * @returns {{ found: number, backfilled: number, alreadyPopulated: number, written: boolean, path: string|null, dryRun: boolean }}
+ */
+function backfillPendingCorrections(projectRoot, opts = {}) {
+  const { dryRun = false } = opts;
+  const pcPath = path.join(projectRoot, '.workflow', 'state', 'pending-corrections.json');
+
+  const result = {
+    found: 0,
+    backfilled: 0,
+    alreadyPopulated: 0,
+    written: false,
+    path: null,
+    dryRun
+  };
+
+  if (!fs.existsSync(pcPath)) {
+    result.path = pcPath;
+    return result;
+  }
+
+  let content;
+  try {
+    content = fs.readFileSync(pcPath, 'utf-8');
+  } catch (err) {
+    throw new Error(`Cannot read pending-corrections at ${pcPath}: ${err.message}`);
+  }
+
+  const records = safeJsonParseString(content, []);
+  if (!Array.isArray(records)) {
+    throw new Error(`Expected array at ${pcPath}; got ${typeof records}`);
+  }
+
+  result.found = records.length;
+  result.path = pcPath;
+
+  let changed = false;
+  for (const r of records) {
+    if (!r || typeof r !== 'object') continue;
+    const userMsg = r.userMessage;
+    if (typeof userMsg !== 'string' || !userMsg.trim()) continue;
+
+    const needsFill = (r.whatWasWrong == null) && (r.whatUserWants == null);
+    if (!needsFill) {
+      result.alreadyPopulated += 1;
+      continue;
+    }
+
+    // Apply deterministic extraction (whatWasWrong only — whatUserWants
+    // stays null; intent inference is the live extractor's job going forward)
+    r.whatWasWrong = deterministicWhatWasWrong(userMsg);
+    r.enrichmentSource = `backfill-${BACKFILL_DATE}`;
+    result.backfilled += 1;
+    changed = true;
+  }
+
+  if (changed && !dryRun) {
+    // Atomic write: write-temp + rename
+    const tmpPath = `${pcPath}.tmp-${process.pid}`;
+    fs.writeFileSync(tmpPath, JSON.stringify(records, null, 2) + '\n');
+    fs.renameSync(tmpPath, pcPath);
+    result.written = true;
+  }
+
+  return result;
+}
+
+// ============================================================
+// CLI
+// ============================================================
+
+function main() {
+  const argv = process.argv.slice(2);
+  const projArg = argv.find(a => a.startsWith('--project='));
+  const dryRun = argv.includes('--dry-run');
+
+  const projectRoot = projArg ? projArg.slice('--project='.length) : PATHS.root;
+
+  let result;
+  try {
+    result = backfillPendingCorrections(projectRoot, { dryRun });
+  } catch (err) {
+    console.error(`Error: ${err.message}`);
+    process.exit(1);
+  }
+
+  console.log(JSON.stringify({
+    project: projectRoot,
+    pendingCorrectionsPath: result.path,
+    found: result.found,
+    backfilled: result.backfilled,
+    alreadyPopulated: result.alreadyPopulated,
+    written: result.written,
+    dryRun: result.dryRun
+  }, null, 2));
+}
+
+module.exports = {
+  backfillPendingCorrections
+};
+
+if (require.main === module) {
+  main();
+}

package/scripts/flow-correction-detector.js

@@ -329,14 +329,106 @@ function recordHybridTelemetry(verdict, runCtx = {}) {
   }
 }
 
+// ============================================================================
+// Layer 1 + Layer 2 Reconciliation (wf-6c58953a)
+// ============================================================================
+
+/**
+ * Deterministic fallback for `whatWasWrong` — preserves the user's literal
+ * frustration text when LLM extraction is unavailable or fails. Better than
+ * null: a 200-char excerpt is honest signal; null is data loss.
+ *
+ * @param {string} message — user message
+ * @returns {string|null}
+ */
+function deterministicWhatWasWrong(message) {
+  if (typeof message !== 'string') return null;
+  const trimmed = message.trim();
+  if (!trimmed) return null;
+  return trimmed.slice(0, 200);
+}
+
+/**
+ * Reconcile Layer 1 (keyword classifier) + Layer 2 (Haiku LLM) results.
+ *
+ * Pre-fix bug: Layer 1 returned `{whatWasWrong: null, whatUserWants: null}`
+ * when keyword matched, never calling Layer 2. The user's actual frustration
+ * was captured but structured fields stayed null — silent feature no-op.
+ *
+ * Post-fix design:
+ *   - Layer 1 hit + Layer 2 success: trust Layer 1's classification (high-
+ *     precision keyword match), use Layer 2's strings if non-null else
+ *     deterministic fallback. Record `llmDisagreed` if Layer 2 said
+ *     `isCorrection: false` (e.g., user said "I'm just asking a question").
+ *   - Layer 1 hit + Layer 2 fail/skip: deterministic fallback for `whatWasWrong`
+ *     (first 200 chars). `whatUserWants` stays null (intent inference is an
+ *     LLM job; honest null > wrong guess).
+ *   - Layer 1 miss + Layer 2 success: Layer 2 is primary classifier (existing path).
+ *   - Both miss: not a correction.
+ *
+ * Pure function — testable in isolation, no LLM mock needed.
+ *
+ * @param {Object|null} layer1 — Layer 1 result {isCorrection, confidence, correctionType, method, matchedPattern}
+ * @param {Object|null} layer2 — Layer 2 (LLM) result {isCorrection, confidence, correctionType, whatWasWrong, whatUserWants}
+ * @param {string} trimmed — trimmed user message (for deterministic fallback)
+ * @returns {Object|null} reconciled record OR null if not a correction
+ */
+function reconcileExtraction(layer1, layer2, trimmed) {
+  // Both layers ran
+  if (layer1 && layer2) {
+    const what = layer2.whatWasWrong || deterministicWhatWasWrong(trimmed);
+    const wants = layer2.whatUserWants || null;
+    return {
+      isCorrection: true, // Layer 1 high-precision keyword match wins binary
+      confidence: layer1.confidence,
+      correctionType: layer1.correctionType || layer2.correctionType || 'behavior',
+      whatWasWrong: what,
+      whatUserWants: wants,
+      method: 'keyword+ai',
+      matchedPattern: layer1.matchedPattern,
+      enrichmentSource: layer2.whatWasWrong ? 'haiku' : 'deterministic-fallback',
+      llmDisagreed: layer2.isCorrection === false,
+    };
+  }
+  // Layer 1 only (Layer 2 unavailable: no API key, network error, etc.)
+  if (layer1) {
+    return {
+      isCorrection: true,
+      confidence: layer1.confidence,
+      correctionType: layer1.correctionType || 'behavior',
+      whatWasWrong: deterministicWhatWasWrong(trimmed),
+      whatUserWants: null,
+      method: layer1.method,
+      matchedPattern: layer1.matchedPattern,
+      enrichmentSource: 'deterministic-fallback',
+    };
+  }
+  // Layer 2 only (Layer 1 missed)
+  if (layer2 && layer2.isCorrection) {
+    return {
+      isCorrection: true,
+      confidence: layer2.confidence,
+      correctionType: layer2.correctionType || null,
+      whatWasWrong: layer2.whatWasWrong || null,
+      whatUserWants: layer2.whatUserWants || null,
+      method: 'ai',
+      enrichmentSource: 'haiku',
+    };
+  }
+  // Both missed → not a correction
+  return null;
+}
+
 // ============================================================================
 // AI-Based Detection (Haiku — language-agnostic)
 // ============================================================================
 
 /**
  * Detect if a message is a correction using Claude Haiku.
- * This is the ONLY detection method — no regex fallback.
- * Works in any language.
+ * Hybrid: Layer 1 keyword classifier (fast) + Layer 2 Haiku enrichment.
+ *
+ * wf-6c58953a (2026-05-09): Layer 1 hit no longer short-circuits structured
+ * extraction. See reconcileExtraction() for the post-fix design rationale.
  *
  * @param {string} userMessage - The user's message
  * @param {string} previousContext - Summary of what the AI was doing
@@ -354,8 +446,12 @@ async function detectCorrection(userMessage, previousContext = '') {
     return { isCorrection: false, confidence: 0, method: 'skipped', reason: 'length-filter' };
   }
 
-  // Layer 1 (wf-e6d65edf) — keyword pre-classifier. Skips Haiku entirely on a hit.
+  // Layer 1 (wf-e6d65edf) — keyword pre-classifier.
+  // wf-6c58953a: NO longer short-circuits structured extraction. Layer 1's
+  // classification is captured; reconcile with Layer 2 (or deterministic
+  // fallback when Layer 2 unavailable) at end.
   const hybridCfg = getHybridConfig();
+  let layer1Result = null;
   if (hybridCfg.hybridEnabled) {
     const matched = findKeywordMatch(trimmed);
     if (matched) {
@@ -368,12 +464,10 @@ async function detectCorrection(userMessage, previousContext = '') {
         confidence: conf,
         durationMs: Date.now() - start,
       });
-      return {
+      layer1Result = {
         isCorrection: true,
         confidence: conf,
         correctionType: 'behavior',
-        whatWasWrong: null,
-        whatUserWants: null,
         method: 'keyword',
         matchedPattern: matched.phrase,
       };
@@ -383,6 +477,10 @@ async function detectCorrection(userMessage, previousContext = '') {
   // Check if API key is available
   const apiKey = process.env.ANTHROPIC_API_KEY;
   if (!apiKey) {
+    // wf-6c58953a: Layer 1 hit + no API key → deterministic fallback (not null)
+    if (layer1Result) {
+      return reconcileExtraction(layer1Result, null, trimmed);
+    }
     return { isCorrection: false, confidence: 0, method: 'skipped', reason: 'no-api-key' };
   }
 
@@ -492,11 +590,19 @@ Respond with JSON only (no markdown, no explanation):
       durationMs: Date.now() - start,
     });
 
+    // wf-6c58953a: reconcile Layer 1 + Layer 2 (or just Layer 2 if Layer 1 missed)
+    const reconciled = reconcileExtraction(layer1Result, aiResult, trimmed);
+    if (reconciled) return reconciled;
+    // Both layers say no-correction
     return aiResult;
   } catch (err) {
     if (process.env.DEBUG) {
       console.error(`[DEBUG] AI correction detection failed: ${err.message}`);
     }
+    // wf-6c58953a: Layer 2 failure with Layer 1 hit → deterministic fallback
+    if (layer1Result) {
+      return reconcileExtraction(layer1Result, null, trimmed);
+    }
     return { isCorrection: false, confidence: 0, method: 'ai', reason: err.message };
   }
 }
@@ -1295,11 +1401,15 @@ function correlateWithPriorGates(correction) {
 // ============================================================================
 
 module.exports = {
-  // Detection (AI-only)
+  // Detection (hybrid Layer 1 + Layer 2)
   detectCorrection,
   batchAnalyzePrompts,
   spawnBackgroundDetection,
 
+  // wf-6c58953a: reconciliation helpers exposed for unit testing + backfill
+  reconcileExtraction,
+  deterministicWhatWasWrong,
+
   // Queue management
   loadPendingCorrections,
   queuePendingCorrection,

package/scripts/flow-standards-checker.js

@@ -77,23 +77,23 @@ const MATCH_LEVEL_SEVERITY = {
 };
 
 // Task type to check type mapping for smart scoping
-// wf-00c5067b: 'hook-three-layer' added to all task types — entry-file LOC
-// + import-count rule (per .claude/rules/architecture/hook-three-layer.md)
-// is universally applicable; the exemption list in config covers known
-// pre-extraction violators (see ARCH-001, ARCH-002 in .workflow/state/last-audit.json).
+// wf-00c5067b: 'hook-three-layer' added — entry-file LOC + import-count rule.
+// wf-037f8d66: 'forbidden-patterns' added — declarative project-specific
+// patterns (agnosticism rules, no-hardcoding rules, etc.) loaded from
+// .workflow/state/forbidden-patterns.json. Empty file = no-op.
 const TASK_CHECK_MAP = {
-  'component': ['naming', 'components', 'security', 'hook-three-layer'],
-  'utility': ['naming', 'functions', 'security', 'hook-three-layer'],
-  'api': ['naming', 'api', 'security', 'hook-three-layer'],
-  'feature': ['naming', 'components', 'functions', 'api', 'schemas', 'services', 'security', 'hook-three-layer'],
-  'bugfix': ['naming', 'security', 'hook-three-layer'],
-  'refactor': ['naming', 'components', 'functions', 'api', 'schemas', 'services', 'security', 'hook-three-layer'],
-  'story': ['naming', 'components', 'functions', 'api', 'schemas', 'services', 'security', 'hook-three-layer'],
-  'default': ['naming', 'components', 'functions', 'api', 'schemas', 'services', 'security', 'hook-three-layer']
+  'component': ['naming', 'components', 'security', 'hook-three-layer', 'forbidden-patterns'],
+  'utility': ['naming', 'functions', 'security', 'hook-three-layer', 'forbidden-patterns'],
+  'api': ['naming', 'api', 'security', 'hook-three-layer', 'forbidden-patterns'],
+  'feature': ['naming', 'components', 'functions', 'api', 'schemas', 'services', 'security', 'hook-three-layer', 'forbidden-patterns'],
+  'bugfix': ['naming', 'security', 'hook-three-layer', 'forbidden-patterns'],
+  'refactor': ['naming', 'components', 'functions', 'api', 'schemas', 'services', 'security', 'hook-three-layer', 'forbidden-patterns'],
+  'story': ['naming', 'components', 'functions', 'api', 'schemas', 'services', 'security', 'hook-three-layer', 'forbidden-patterns'],
+  'default': ['naming', 'components', 'functions', 'api', 'schemas', 'services', 'security', 'hook-three-layer', 'forbidden-patterns']
 };
 
 // All available check types
-const ALL_CHECK_TYPES = ['naming', 'components', 'functions', 'api', 'schemas', 'services', 'security', 'hook-three-layer'];
+const ALL_CHECK_TYPES = ['naming', 'components', 'functions', 'api', 'schemas', 'services', 'security', 'hook-three-layer', 'forbidden-patterns'];
 
 // ============================================================================
 // Parse Standards Files
@@ -639,6 +639,140 @@ function checkHookThreeLayer(file, hookThreeLayerConfig = {}) {
   return violations;
 }
 
+/**
+ * wf-037f8d66 — Check forbidden patterns from project's declarative rule pack.
+ *
+ * Projects declare their forbidden patterns in `.workflow/state/forbidden-patterns.json`.
+ * This is the GENERIC, DATA-DRIVEN counterpart to checkSecurityPatterns (which is
+ * source-coded). Projects can encode "agnosticism" rules, "no-hardcoding" rules,
+ * "no-claude-code-literal-outside-docs" rules, etc., without modifying the checker.
+ *
+ * Format (forbidden-patterns.json):
+ *   [
+ *     {
+ *       "id": "no-claude-code-literal",
+ *       "pattern": "['\"]claude-code['\"]",      // RegExp source string
+ *       "flags": "g",                             // optional, defaults to 'g'
+ *       "exemptions": ["docs/**", "*.md", "reference/**"],
+ *       "severity": "must-fix",                   // 'must-fix' | 'warning'
+ *       "message": "wogiflow-cli is agnostic; ..."
+ *     }
+ *   ]
+ *
+ * @param {Object} file — { path, content }
+ * @param {Object[]} patterns — array of pattern entries
+ * @returns {Object[]} violations
+ */
+function checkForbiddenPatterns(file, patterns) {
+  const violations = [];
+  if (!Array.isArray(patterns) || patterns.length === 0) return violations;
+
+  const content = file.content || '';
+  const relPath = file.path.startsWith('/')
+    ? path.relative(PATHS.root, file.path)
+    : file.path;
+
+  for (const entry of patterns) {
+    if (!entry || typeof entry !== 'object') continue;
+    if (!entry.pattern || typeof entry.pattern !== 'string') continue;
+
+    // Exemption check (glob match against relative path)
+    const exemptions = Array.isArray(entry.exemptions) ? entry.exemptions : [];
+    const exempted = exemptions.some(glob => globMatch(relPath, glob));
+    if (exempted) continue;
+
+    // Compile regex
+    let re;
+    try {
+      const flags = entry.flags && typeof entry.flags === 'string' ? entry.flags : 'g';
+      re = new RegExp(entry.pattern, flags);
+    } catch (_err) {
+      // Invalid regex — skip (don't crash check)
+      continue;
+    }
+
+    // Match
+    let match;
+    re.lastIndex = 0;
+    while ((match = re.exec(content)) !== null) {
+      const before = content.substring(0, match.index);
+      const lineNumber = (before.match(/\n/g) || []).length + 1;
+      violations.push({
+        type: 'forbidden-pattern',
+        severity: entry.severity === 'warning' ? 'warning' : 'must-fix',
+        file: file.path,
+        line: lineNumber,
+        message: entry.message || `Forbidden pattern matched: ${entry.id || entry.pattern}`,
+        rule: `forbidden-patterns.json: ${entry.id || '(unnamed)'}`
+      });
+
+      // Avoid infinite loop on zero-length matches
+      if (match.index === re.lastIndex) re.lastIndex++;
+    }
+  }
+
+  return violations;
+}
+
+/**
+ * Minimal glob-to-regex matcher for forbidden-pattern exemptions.
+ * Supports: `**` (any depth), `*` (no path separator), exact match.
+ * Per security-patterns.md §4: use `[^/]*` not `.*` to prevent path
+ * separator matching in `*` (only `**` should cross directories).
+ */
+function globMatch(filePath, glob) {
+  const normalized = filePath.replace(/\\/g, '/');
+  // Build regex from glob
+  let re = '^';
+  let i = 0;
+  while (i < glob.length) {
+    const c = glob[i];
+    if (c === '*' && glob[i + 1] === '*') {
+      // ** matches anything including separators
+      re += '.*';
+      i += 2;
+      // Skip a following / so '**/foo' matches both 'foo' and 'a/b/foo'
+      if (glob[i] === '/') i++;
+    } else if (c === '*') {
+      re += '[^/]*';
+      i++;
+    } else if (c === '?') {
+      re += '[^/]';
+      i++;
+    } else if ('.^$+(){}[]|\\'.includes(c)) {
+      re += '\\' + c;
+      i++;
+    } else {
+      re += c;
+      i++;
+    }
+  }
+  re += '$';
+  try {
+    return new RegExp(re).test(normalized);
+  } catch (_err) {
+    return false;
+  }
+}
+
+/**
+ * Load forbidden-patterns.json from project state dir.
+ * @returns {Object[]} pattern entries (empty array if missing/invalid)
+ */
+function loadForbiddenPatterns(projectRoot) {
+  const root = projectRoot || PATHS.root;
+  const filePath = path.join(root, '.workflow', 'state', 'forbidden-patterns.json');
+  if (!fs.existsSync(filePath)) return [];
+  try {
+    const raw = fs.readFileSync(filePath, 'utf-8');
+    const parsed = JSON.parse(raw);
+    if (!Array.isArray(parsed)) return [];
+    return parsed;
+  } catch (_err) {
+    return [];
+  }
+}
+
 function checkApiDuplication(file, existingEndpoints, matchConfig) {
   const violations = [];
   const content = file.content || '';
@@ -1090,6 +1224,8 @@ function runStandardsCheck(files, options = {}) {
   const functions = checksToRun.includes('functions') ? parseFunctionMap() : [];
   const endpoints = checksToRun.includes('api') ? parseApiMap() : [];
   const rulesFiles = checksToRun.includes('security') ? loadRulesDir() : [];
+  // wf-037f8d66: load forbidden-patterns.json (empty array if missing)
+  const forbiddenPatterns = checksToRun.includes('forbidden-patterns') ? loadForbiddenPatterns() : [];
 
   // Load schema/service registries if needed
   const schemas = checksToRun.includes('schemas') ? parseSchemaMap() : [];
@@ -1115,7 +1251,8 @@ function runStandardsCheck(files, options = {}) {
     'service-map.md': { checked: checksToRun.includes('services') && services.length > 0, violations: 0 },
     'naming-conventions': { checked: checksToRun.includes('naming'), violations: 0 },
     'security-patterns': { checked: checksToRun.includes('security'), violations: 0 },
-    'hook-three-layer': { checked: checksToRun.includes('hook-three-layer'), violations: 0 }
+    'hook-three-layer': { checked: checksToRun.includes('hook-three-layer'), violations: 0 },
+    'forbidden-patterns': { checked: checksToRun.includes('forbidden-patterns') && forbiddenPatterns.length > 0, violations: 0 }
   };
 
   for (const file of files) {
@@ -1181,6 +1318,13 @@ function runStandardsCheck(files, options = {}) {
       allViolations.push(...hookViolations);
       checksSummary['hook-three-layer'].violations += hookViolations.length;
     }
+
+    // Forbidden patterns from project rule pack (wf-037f8d66)
+    if (checksToRun.includes('forbidden-patterns') && forbiddenPatterns.length > 0) {
+      const fpViolations = checkForbiddenPatterns(file, forbiddenPatterns);
+      allViolations.push(...fpViolations);
+      checksSummary['forbidden-patterns'].violations += fpViolations.length;
+    }
   }
 
   // Count must-fix violations
@@ -1415,6 +1559,9 @@ module.exports = {
   checkRegistryDuplication,
   checkSecurityPatterns,
   checkHookThreeLayer,
+  checkForbiddenPatterns, // wf-037f8d66: declarative project rule pack
+  loadForbiddenPatterns, // wf-037f8d66: exposed for tests + external use
+  globMatch, // wf-037f8d66: exposed for unit testing
   extractDeclaredNames,
   discoverAllRegistries,
   collectReuseCandidates,

package/scripts/hooks/core/architect-required-gate.js

@@ -0,0 +1,175 @@
+#!/usr/bin/env node
+
+/**
+ * Wogi Flow - Architect-Required Gate (wf-037f8d66)
+ *
+ * Closes the methodology gap where the IGR Architect/Adversary pass at
+ * spec_review IS specced (per .claude/docs/phases/02-spec.md) but enforcement
+ * is prompt-only — the agent can skip Architect and go straight to coding.
+ *
+ * This gate fires on Edit/Write during the `coding` phase for L1+ tasks when
+ * config.intentGroundedReasoning.enabled is true and no evidence of an
+ * Architect run exists for the current task.
+ *
+ * Evidence marker: `.workflow/state/architect-runs/<task-id>.json` written
+ * by flow-architect-pass.js on successful completion.
+ *
+ * Scope:
+ *   - L0 (epic) / L1 (story) tasks: Architect required → gate enforces
+ *   - L2 / L3 tasks: skip spec_review entirely (correctly) → gate is a no-op
+ *
+ * Fail-open: any error reading state/config → allow tool call. Same pattern
+ * as research-evidence-gate.js.
+ */
+
+const path = require('node:path');
+const fs = require('node:fs');
+const { PATHS } = require('../../flow-utils');
+
+const ARCHITECT_RUNS_DIR = path.join(PATHS.state, 'architect-runs');
+
+/**
+ * Compute path to the Architect-run evidence marker for a task.
+ */
+function getArchitectRunPath(taskId) {
+  if (!taskId || typeof taskId !== 'string') return null;
+  return path.join(ARCHITECT_RUNS_DIR, `${taskId}.json`);
+}
+
+/**
+ * Write an Architect-run evidence marker. Called by flow-architect-pass.js
+ * on successful completion. Atomic write-temp + rename.
+ *
+ * @param {Object} payload — { taskId, completedAt, model, plan }
+ * @returns {{ written: boolean, path: string|null }}
+ */
+function writeArchitectRunMarker(payload) {
+  if (!payload || !payload.taskId) {
+    return { written: false, path: null };
+  }
+  try {
+    if (!fs.existsSync(ARCHITECT_RUNS_DIR)) {
+      fs.mkdirSync(ARCHITECT_RUNS_DIR, { recursive: true });
+    }
+    const filePath = getArchitectRunPath(payload.taskId);
+    const tmpPath = `${filePath}.tmp-${process.pid}`;
+    fs.writeFileSync(tmpPath, JSON.stringify({
+      taskId: payload.taskId,
+      completedAt: payload.completedAt || new Date().toISOString(),
+      model: payload.model || null,
+      plan: payload.plan || null
+    }, null, 2));
+    fs.renameSync(tmpPath, filePath);
+    return { written: true, path: filePath };
+  } catch (_err) {
+    return { written: false, path: null };
+  }
+}
+
+/**
+ * Check whether an Architect run is recorded for a given task.
+ * @param {string} taskId
+ * @returns {boolean}
+ */
+function hasArchitectRun(taskId) {
+  const p = getArchitectRunPath(taskId);
+  if (!p) return false;
+  try {
+    return fs.existsSync(p);
+  } catch (_err) {
+    return false;
+  }
+}
+
+/**
+ * Determine whether the current task requires Architect (L1+ only).
+ * @param {Object} taskMeta — task record from ready.json (has level, type)
+ * @returns {boolean}
+ */
+function requiresArchitect(taskMeta) {
+  if (!taskMeta || typeof taskMeta !== 'object') return false;
+  const level = (taskMeta.level || '').toUpperCase();
+  // L0 (epic) and L1 (story) require Architect.
+  // L2 (task) / L3 (subtask) bypass spec_review correctly.
+  return level === 'L0' || level === 'L1';
+}
+
+/**
+ * Read whether the gate is enabled from config.
+ * Default: enabled when IGR is enabled.
+ */
+function isGateEnabled(config) {
+  const igr = config?.intentGroundedReasoning;
+  if (!igr || igr.enabled === false) return false;
+  // Explicit toggle on the gate itself overrides
+  if (config?.architectRequiredGate?.enabled === false) return false;
+  return true;
+}
+
+/**
+ * Main gate check.
+ *
+ * @param {Object} ctx — { phase, taskId, taskMeta, config, toolName }
+ * @returns {{ blocked: boolean, reason?: string, message?: string }}
+ */
+function checkArchitectRequired(ctx) {
+  const { phase, taskId, taskMeta, config, toolName } = ctx || {};
+
+  // Only fires on tools that mutate state (Edit/Write/Bash/TodoWrite)
+  const mutationTools = new Set(['Edit', 'Write', 'TodoWrite', 'Bash']);
+  if (!toolName || !mutationTools.has(toolName)) {
+    return { blocked: false };
+  }
+
+  // Only fires during coding phase
+  if (phase !== 'coding') {
+    return { blocked: false };
+  }
+
+  // Gate disabled (or IGR off)
+  if (!isGateEnabled(config)) {
+    return { blocked: false };
+  }
+
+  // No active task → not in scope (gate doesn't apply)
+  if (!taskId) {
+    return { blocked: false };
+  }
+
+  // L2/L3 tasks bypass spec_review correctly — gate is a no-op
+  if (!requiresArchitect(taskMeta)) {
+    return { blocked: false };
+  }
+
+  // Check for evidence marker
+  if (hasArchitectRun(taskId)) {
+    return { blocked: false };
+  }
+
+  // Block: Architect required but no evidence
+  return {
+    blocked: true,
+    reason: 'architect-required',
+    message: [
+      `ARCHITECT-REQUIRED GATE: task ${taskId} is L1+ in coding phase but no `,
+      `Architect run is recorded at ${getArchitectRunPath(taskId)}.\n\n`,
+      `Per .claude/docs/phases/02-spec.md Step 1.55, L1+ tasks must run an `,
+      `Architect pass before coding. Invoke:\n\n`,
+      `  node scripts/flow-architect-pass.js run --task=${taskId}\n\n`,
+      `Then retry your edit. To opt out for this task only, set `,
+      `config.architectRequiredGate.enabled = false (project-level), or use `,
+      `\`flow architect-skip --task=${taskId} --reason="..."\` (single-task escape; `,
+      `not yet implemented — opens follow-up wf if needed).`
+    ].join('')
+  };
+}
+
+module.exports = {
+  checkArchitectRequired,
+  writeArchitectRunMarker,
+  hasArchitectRun,
+  requiresArchitect,
+  getArchitectRunPath,
+  isGateEnabled,
+  ARCHITECT_RUNS_DIR
+};

package/scripts/hooks/core/pre-tool-deps.js

@@ -58,6 +58,15 @@ function loadGateDeps() {
     if (process.env.DEBUG) console.error(`[Hook] Phase-read gate not loaded: ${_err.message}`);
   }
 
+  // wf-037f8d66: Architect-required gate (mechanical Layer 2 enforcement)
+  let checkArchitectRequired = () => ({ blocked: false });
+  try {
+    const arg = require('./architect-required-gate');
+    checkArchitectRequired = arg.checkArchitectRequired;
+  } catch (_err) {
+    if (process.env.DEBUG) console.error(`[Hook] Architect-required gate not loaded: ${_err.message}`);
+  }
+
   let recordEvidenceRead = () => {};
   let checkSpecWriteGate = _phaseNoop;
   let clearResearchEvidence = () => {};
@@ -168,6 +177,7 @@ function loadGateDeps() {
     checkRoutingGate, clearRoutingPending, hasActiveTask,
     checkPhaseGate, checkCommitLogGate,
     recordPhaseRead, checkPhaseReadGate, clearPhaseReads,
+    checkArchitectRequired, // wf-037f8d66
     recordEvidenceRead, checkSpecWriteGate, clearResearchEvidence,
     checkDeployGate, checkWriteBlock,
     checkStrikeGate, checkBugfixScope, checkScopeMutation,

package/scripts/hooks/core/pre-tool-orchestrator.js

@@ -118,6 +118,51 @@ function runPreToolGates(ctx, deps) {
     }
   }
 
+  // Architect-required gate (wf-037f8d66)
+  // L1+ tasks in coding phase must have run Architect/Adversary before any Edit/Write/Bash.
+  // L2/L3 tasks bypass spec_review entirely (correctly), so the gate is a no-op there.
+  // Fail-open on any error.
+  if (typeof deps.checkArchitectRequired === 'function' &&
+      (toolName === 'Edit' || toolName === 'Write' || toolName === 'Bash' || toolName === 'TodoWrite')) {
+    try {
+      // Resolve current phase + task meta from active state
+      const flowUtils = require('../../flow-utils');
+      const flowIo = require('../../flow-io');
+      let phase = 'idle';
+      let taskId = null;
+      let taskMeta = null;
+      try {
+        const phaseStatePath = path.join(flowUtils.PATHS.state, 'workflow-phase.json');
+        const ps = flowIo.safeJsonParse(phaseStatePath, null);
+        if (ps) {
+          phase = ps.phase || 'idle';
+          taskId = ps.taskId || null;
+        }
+      } catch (_err) { /* fail-open */ }
+      if (taskId) {
+        try {
+          const ready = flowUtils.getReadyData ? flowUtils.getReadyData() : null;
+          const inProgress = (ready && Array.isArray(ready.inProgress)) ? ready.inProgress : [];
+          taskMeta = inProgress.find(t => t && t.id === taskId) || null;
+        } catch (_err) { /* fail-open */ }
+      }
+
+      const archResult = deps.checkArchitectRequired({
+        phase, taskId, taskMeta, config, toolName
+      });
+      if (archResult.blocked) {
+        return {
+          allowed: false,
+          blocked: true,
+          reason: archResult.reason || 'architect-required',
+          message: archResult.message,
+        };
+      }
+    } catch (_err) {
+      if (process.env.DEBUG) console.error(`[Hook] Architect-required gate error (fail-open): ${_err.message}`);
+    }
+  }
+
   // wf-f9912af6: Deferral-authorization gate. Blocks Write/Edit to
   // last-review.json / last-audit.json when the new content introduces
   // `status: deferred*` on findings without explicit user authorization.