wogiflow 2.29.9 → 2.30.1

package/.claude/commands/wogi-decide.md

@@ -105,6 +105,34 @@ Options:
 
 Use `AskUserQuestion` to present these options.
 
+### Step 2.5: Mechanical-Enforcement Check (wf-037f8d66)
+
+**Rules without mechanical enforcement are vibes.** Before writing any new rule, classify how it will be enforced:
+
+| Enforcement type | Examples | Reliability |
+|---|---|---|
+| **Mechanical gate** (PreToolUse/Stop hook, type system, lint rule, standards-checker pattern) | deferral-gate, research-evidence-gate, phase-read-gate, hook-three-layer LOC check, forbidden-patterns | High — agent cannot skip |
+| **Test assertion** (unit/integration test that fails on violation) | architectural test asserting no hardcoded paths | High — fails CI |
+| **Schema constraint** (config schema, JSON schema, Go type) | required fields, enum values | High — fails parse/compile |
+| **Vibes-only** (rule text in CLAUDE.md, decisions.md, or rule file with no mechanical check) | "use kebab-case", "prefer composition over inheritance", "always X / never Y" | **Low — agent skips it** |
+
+**The rule must declare its enforcement type.** If "vibes-only," call it out explicitly:
+
+> ⚠ This rule has no mechanical gate. It will be inconsistently enforced. To make it stick, propose one of:
+> - A standards-checker pattern in `.workflow/state/forbidden-patterns.json`
+> - A new gate in `scripts/hooks/core/`
+> - A unit test in `tests/`
+> - A type-system constraint
+>
+> Without one of those, expect the same class of violation to recur.
+
+**Anti-rationalization**:
+- "I'll just trust the AI to follow it" → WRONG. The reason this rule exists is the AI didn't follow it last time.
+- "It's documented in CLAUDE.md" → Documentation ≠ enforcement. Both can coexist.
+- "We can add the gate later" → "Later" is "never" for vibes-rules. Either commit to a gate now, or accept inconsistent enforcement.
+
+If user accepts vibes-only, proceed with the rule but tag it `enforcementType: "vibes-only"` in decisions.md so future audits surface it.
+
 ### Step 3: Assess Clarity
 
 Evaluate if the rule needs clarification. **Skip questions if the rule is already clear and specific.**

package/.claude/commands/wogi-learn.md

@@ -174,6 +174,7 @@ Given a pattern to promote:
    - Correction examples → Verification criteria
 
 3. **Delegate duplicate checking to `/wogi-decide --from-pattern`** which handles duplicate detection and the full rule-writing flow. This ensures a single source of truth for all rule-creation logic.
+   - **Note (wf-037f8d66)**: `/wogi-decide` Step 2.5 will require declaring the rule's enforcement type (mechanical gate / test / schema constraint / vibes-only). Patterns being promoted to rules MUST answer "what's the gate?" — if no mechanical enforcement exists, the rule is vibes-only and will not reliably enforce. The fact that this pattern recurred enough to be promoted is itself evidence that vibes-only didn't work.
 
 4. **Ask user for any additions:**
 

package/.workflow/state/forbidden-patterns.json.template

@@ -0,0 +1,15 @@
+[
+  {
+    "id": "no-claude-code-literal-in-core",
+    "pattern": "claude-code|tool_name|tool_input",
+    "flags": "i",
+    "severity": "must-fix",
+    "message": "Hooks/core files must not reference CLI-specific identifiers (claude-code, tool_name, tool_input). Use the normalized toolName / toolInput parameters from the orchestrator (CLI-agnostic). See .claude/rules/architecture/hook-three-layer.md.",
+    "exemptions": [
+      "scripts/hooks/entry/**",
+      "scripts/hooks/adapters/**",
+      "tests/**",
+      "**/*.test.js"
+    ]
+  }
+]

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wogiflow",
-  "version": "2.29.9",
+  "version": "2.30.1",
   "description": "AI-powered development workflow management system with multi-model support",
   "main": "lib/index.js",
   "bin": {
@@ -10,7 +10,7 @@
   },
   "scripts": {
     "flow": "./scripts/flow",
-    "test": "NODE_ENV=test node --test tests/auto-compact-prompt.test.js tests/flow-paths.test.js tests/flow-io.test.js tests/flow-audit-gates.test.js tests/flow-standards-hook-three-layer.test.js tests/flow-correction-detector-reconcile.test.js tests/flow-correction-backfill.test.js tests/flow-audit-gates-feature-output-health.test.js tests/flow-config-loader.test.js tests/flow-damage-control.test.js tests/flow-output.test.js tests/flow-constants.test.js tests/flow-session-state.test.js tests/flow-hooks-integration.test.js tests/flow-utils.test.js tests/flow-security.test.js tests/flow-memory-db.test.js tests/flow-durable-session.test.js tests/flow-skill-matcher.test.js tests/flow-bridge.test.js tests/flow-proactive-compact.test.js tests/flow-cascade-completion.test.js tests/flow-capture-gate.test.js tests/flow-correction-detector-hybrid.test.js tests/flow-promote.test.js tests/flow-archive-runs.test.js tests/flow-memory.test.js tests/flow-hooks-pre-tool-helpers.test.js tests/flow-hooks-bugfix-scope-gate.test.js tests/flow-hooks-routing-gate.test.js tests/flow-hooks-phase-read-gate.test.js tests/flow-hooks-commit-log-gate.test.js tests/flow-hooks-deploy-gate.test.js tests/flow-hooks-todowrite-gate.test.js tests/flow-hooks-git-safety-gate.test.js tests/flow-hooks-scope-mutation-gate.test.js tests/flow-hooks-strike-gate.test.js tests/flow-hooks-component-check.test.js tests/flow-hooks-scope-gate.test.js tests/flow-hooks-implementation-gate.test.js tests/flow-hooks-research-gate.test.js tests/flow-hooks-loop-check.test.js tests/flow-hooks-manager-boundary-gate.test.js tests/flow-hooks-phase-gate.test.js tests/flow-hooks-pre-tool-orchestrator.test.js tests/flow-hooks-observation-capture.test.js tests/flow-hooks-task-gate.test.js tests/flow-durable-session-suspension.test.js tests/flow-health-mcp-scopes.test.js tests/flow-lean-config.test.js tests/flow-workspace-autopickup.test.js tests/flow-worker-boundary-gate.test.js tests/flow-worker-question-classifier.test.js tests/flow-completion-truth-gate-contradictions.test.js tests/flow-structure-sensor.test.js tests/flow-workspace-dispatch-tracking.test.js tests/workspace-ipc-sqlite.test.js tests/workspace-ipc-multi-worker.test.js tests/flow-story-gates.test.js tests/flow-workspace-restart-handoff.test.js tests/flow-wogi-claude-wrapper.test.js tests/flow-wave1-integrations.test.js tests/flow-wave2-integrations.test.js tests/flow-wave3-integrations.test.js tests/flow-commit-claims-gate.test.js tests/auto-review.test.js tests/gate-telemetry-surface.test.js tests/agents-md-alias.test.js tests/flow-skill-manage.test.js tests/fuzzy-patch.test.js tests/mode-schema.test.js tests/flow-feature-dossier.test.js tests/flow-autonomous-mode.test.js tests/flow-epic-cascade.test.js tests/flow-workspace-summary.test.js tests/flow-hooks-research-evidence-gate.test.js tests/flow-worker-mcp-strip.test.js tests/flow-orchestrate-corrections.test.js tests/flow-source-fidelity.test.js tests/flow-hooks-long-input-enforcement.test.js tests/workspace-channel-tracking.test.js tests/flow-hooks-deletion-log.test.js tests/flow-task-boundary-reset.test.js tests/flow-deferral-gate.test.js tests/flow-research-required-gate.test.js && NODE_ENV=test node tests/run-quality-gates.test.js",
+    "test": "NODE_ENV=test node --test tests/auto-compact-prompt.test.js tests/flow-paths.test.js tests/flow-io.test.js tests/flow-audit-gates.test.js tests/flow-standards-hook-three-layer.test.js tests/flow-correction-detector-reconcile.test.js tests/flow-correction-backfill.test.js tests/flow-audit-gates-feature-output-health.test.js tests/flow-config-loader.test.js tests/flow-damage-control.test.js tests/flow-output.test.js tests/flow-constants.test.js tests/flow-session-state.test.js tests/flow-hooks-integration.test.js tests/flow-utils.test.js tests/flow-security.test.js tests/flow-memory-db.test.js tests/flow-durable-session.test.js tests/flow-skill-matcher.test.js tests/flow-bridge.test.js tests/flow-proactive-compact.test.js tests/flow-cascade-completion.test.js tests/flow-capture-gate.test.js tests/flow-correction-detector-hybrid.test.js tests/flow-promote.test.js tests/flow-archive-runs.test.js tests/flow-memory.test.js tests/flow-hooks-pre-tool-helpers.test.js tests/flow-hooks-bugfix-scope-gate.test.js tests/flow-hooks-routing-gate.test.js tests/flow-hooks-phase-read-gate.test.js tests/flow-hooks-commit-log-gate.test.js tests/flow-hooks-deploy-gate.test.js tests/flow-hooks-todowrite-gate.test.js tests/flow-hooks-git-safety-gate.test.js tests/flow-hooks-scope-mutation-gate.test.js tests/flow-hooks-strike-gate.test.js tests/flow-hooks-component-check.test.js tests/flow-hooks-scope-gate.test.js tests/flow-hooks-implementation-gate.test.js tests/flow-hooks-research-gate.test.js tests/flow-hooks-loop-check.test.js tests/flow-hooks-manager-boundary-gate.test.js tests/flow-hooks-phase-gate.test.js tests/flow-hooks-pre-tool-orchestrator.test.js tests/flow-hooks-observation-capture.test.js tests/flow-hooks-task-gate.test.js tests/flow-durable-session-suspension.test.js tests/flow-health-mcp-scopes.test.js tests/flow-lean-config.test.js tests/flow-workspace-autopickup.test.js tests/flow-worker-boundary-gate.test.js tests/flow-worker-question-classifier.test.js tests/flow-completion-truth-gate-contradictions.test.js tests/flow-structure-sensor.test.js tests/flow-workspace-dispatch-tracking.test.js tests/workspace-ipc-sqlite.test.js tests/workspace-ipc-multi-worker.test.js tests/flow-story-gates.test.js tests/flow-workspace-restart-handoff.test.js tests/flow-wogi-claude-wrapper.test.js tests/flow-wave1-integrations.test.js tests/flow-wave2-integrations.test.js tests/flow-wave3-integrations.test.js tests/flow-commit-claims-gate.test.js tests/auto-review.test.js tests/gate-telemetry-surface.test.js tests/agents-md-alias.test.js tests/flow-skill-manage.test.js tests/fuzzy-patch.test.js tests/mode-schema.test.js tests/flow-feature-dossier.test.js tests/flow-autonomous-mode.test.js tests/flow-epic-cascade.test.js tests/flow-workspace-summary.test.js tests/flow-hooks-research-evidence-gate.test.js tests/flow-worker-mcp-strip.test.js tests/flow-orchestrate-corrections.test.js tests/flow-source-fidelity.test.js tests/flow-hooks-long-input-enforcement.test.js tests/workspace-channel-tracking.test.js tests/flow-hooks-deletion-log.test.js tests/flow-task-boundary-reset.test.js tests/flow-deferral-gate.test.js tests/flow-research-required-gate.test.js tests/flow-standards-forbidden-patterns.test.js tests/flow-hooks-architect-required-gate.test.js tests/flow-architect-runs.test.js && NODE_ENV=test node tests/run-quality-gates.test.js",
     "test:syntax": "find scripts/ lib/ -name '*.js' -not -path '*/node_modules/*' -exec node --check {} +",
     "lint": "eslint scripts/ lib/ tests/",
     "lint:ci": "eslint scripts/ lib/ tests/ --max-warnings 0",

package/scripts/flow-architect-pass.js

@@ -479,6 +479,23 @@ function recordTelemetry({ taskId, parseResult, gateResult, runCtx = {} }) {
       sessionId: runCtx.sessionId ?? null,
     },
   });
+
+  // wf-037f8d66 / wf-2eafdab0: Write Architect-run marker for the architect-required
+  // PreToolUse gate. Marker proves Architect ran for this task — gate consults it
+  // before allowing Edit/Write/Bash in coding phase for L1+ tasks. Fail-open on any
+  // error. Imports from flow-architect-runs.js (neutral location — review M5 fix:
+  // hooks/core no longer owns the marker store, killing the cross-direction dep).
+  if (taskId && (telemetryVerdict === 'PASS' || telemetryVerdict === 'PASS_WITH_NOTES')) {
+    try {
+      const archRuns = require('./flow-architect-runs');
+      archRuns.writeArchitectRunMarker({
+        taskId,
+        model: runCtx.model || null,
+        plan: parseResult?.plan ? { sections: sectionsPresent } : null,
+        specPath: runCtx.specPath || null, // AC15: enables specHash staleness detection
+      });
+    } catch (_err) { /* fail-open */ }
+  }
 }
 
 // ============================================================

package/scripts/flow-architect-runs.js

@@ -0,0 +1,194 @@
+'use strict';
+
+/**
+ * Wogi Flow — Architect-Run Marker Store (wf-2eafdab0 / v2.30.1)
+ *
+ * Owns the read/write/GC operations for Architect-run evidence markers
+ * stored at `.workflow/state/architect-runs/<task-id>.json`.
+ *
+ * Why this lives in scripts/ (not hooks/core/): the architect-required gate
+ * READS markers; flow-architect-pass.js WRITES markers. With both helpers
+ * in hooks/core, we'd invert the established hooks-depend-on-scripts
+ * direction (review finding M5). This module is the neutral home both
+ * callers consume from.
+ *
+ * Public API:
+ *   - getArchitectRunPath(taskId) → string|null (validateTaskId guarded)
+ *   - writeArchitectRunMarker({taskId, model, plan, specPath}) → {written, path}
+ *   - hasArchitectRun(taskId, currentSpecPath?) → boolean (content-validated)
+ *   - gcStaleMarkers({maxAgeMs?, retainCompletedTasks?}) → {removed, kept}
+ *   - ARCHITECT_RUNS_DIR (constant)
+ *
+ * Hardening this round (review-fix v2.30.1):
+ *   - AC9:  hasArchitectRun validates JSON parse + taskId field match
+ *   - AC11: validateTaskId guard before path.join (path-traversal defense)
+ *   - AC14: tmp file unlinked on rename failure
+ *   - AC15: specHash (sha256) in marker payload for staleness detection
+ *   - AC8:  gcStaleMarkers removes completed-task markers older than maxAgeMs
+ */
+
+const path = require('node:path');
+const fs = require('node:fs');
+const crypto = require('node:crypto');
+const { PATHS, safeJsonParse, validateTaskId, getReadyData } = require('./flow-utils');
+
+const ARCHITECT_RUNS_DIR = path.join(PATHS.state, 'architect-runs');
+const DEFAULT_GC_MAX_AGE_MS = 7 * 24 * 60 * 60 * 1000; // 7 days
+
+/**
+ * Compute path to the Architect-run evidence marker.
+ * Returns null if taskId fails validateTaskId (path-traversal defense).
+ */
+function getArchitectRunPath(taskId) {
+  if (!taskId || typeof taskId !== 'string') return null;
+  // validateTaskId returns { valid, format }, not a bool — check the field.
+  const v = validateTaskId(taskId);
+  if (!v || v.valid !== true) return null;
+  return path.join(ARCHITECT_RUNS_DIR, `${taskId}.json`);
+}
+
+/**
+ * Compute sha256 of a file's content. Returns null if file missing/unreadable.
+ */
+function _hashFile(filePath) {
+  if (!filePath) return null;
+  try {
+    const content = fs.readFileSync(filePath, 'utf-8');
+    return crypto.createHash('sha256').update(content).digest('hex');
+  } catch (_err) {
+    return null;
+  }
+}
+
+/**
+ * Write Architect-run marker. Atomic temp-then-rename. Tmp file unlinked
+ * on rename failure (no leaked tmp files).
+ */
+function writeArchitectRunMarker(payload) {
+  if (!payload || !payload.taskId) {
+    return { written: false, path: null };
+  }
+  const filePath = getArchitectRunPath(payload.taskId);
+  if (!filePath) {
+    return { written: false, path: null };
+  }
+  const tmpPath = `${filePath}.tmp-${process.pid}`;
+  try {
+    if (!fs.existsSync(ARCHITECT_RUNS_DIR)) {
+      fs.mkdirSync(ARCHITECT_RUNS_DIR, { recursive: true });
+    }
+    const marker = {
+      taskId: payload.taskId,
+      completedAt: payload.completedAt || new Date().toISOString(),
+      model: payload.model || null,
+      plan: payload.plan || null,
+      specHash: payload.specPath ? _hashFile(payload.specPath) : null,
+      specPath: payload.specPath || null
+    };
+    fs.writeFileSync(tmpPath, JSON.stringify(marker, null, 2));
+    fs.renameSync(tmpPath, filePath);
+    return { written: true, path: filePath };
+  } catch (_err) {
+    // Clean up the tmp file if rename failed — don't leak.
+    try { fs.unlinkSync(tmpPath); } catch (_e) { /* fail-open */ }
+    return { written: false, path: null };
+  }
+}
+
+/**
+ * Validate that a marker exists AND its content is well-formed AND, if
+ * `currentSpecPath` is provided, the spec hasn't changed since the marker
+ * was written.
+ *
+ * Returns false on:
+ *   - missing file
+ *   - JSON parse failure (corrupted marker)
+ *   - taskId field mismatch (wrong marker for this task)
+ *   - specHash mismatch (spec was edited after Architect ran — stale)
+ */
+function hasArchitectRun(taskId, currentSpecPath) {
+  const p = getArchitectRunPath(taskId);
+  if (!p) return false;
+  if (!fs.existsSync(p)) return false;
+  const marker = safeJsonParse(p, null);
+  if (!marker || typeof marker !== 'object') return false;
+  if (marker.taskId !== taskId) return false;
+  // specHash check (AC15 — stale-spec invalidation)
+  if (currentSpecPath && marker.specHash) {
+    const currentHash = _hashFile(currentSpecPath);
+    if (currentHash && currentHash !== marker.specHash) return false;
+  }
+  return true;
+}
+
+/**
+ * Remove markers whose task is in `recentlyCompleted` and whose mtime is
+ * older than maxAgeMs. Idempotent; safe to call repeatedly.
+ *
+ * @param {Object} opts
+ * @param {number} [opts.maxAgeMs=7d] — markers older than this are eligible
+ * @param {boolean} [opts.retainCompletedTasks=false] — keep markers for completed tasks
+ *                                                     (default: GC them)
+ * @returns {{removed: string[], kept: string[]}}
+ */
+function gcStaleMarkers(opts = {}) {
+  const maxAgeMs = typeof opts.maxAgeMs === 'number' ? opts.maxAgeMs : DEFAULT_GC_MAX_AGE_MS;
+  const retainCompletedTasks = opts.retainCompletedTasks === true;
+  const result = { removed: [], kept: [] };
+  if (!fs.existsSync(ARCHITECT_RUNS_DIR)) return result;
+
+  // Build set of completed task IDs (markers eligible for GC by default)
+  let completedIds = new Set();
+  try {
+    const ready = getReadyData();
+    if (ready && Array.isArray(ready.recentlyCompleted)) {
+      for (const t of ready.recentlyCompleted) {
+        if (t && t.id) completedIds.add(t.id);
+      }
+    }
+  } catch (_err) { /* fail-open */ }
+
+  const now = Date.now();
+  let entries = [];
+  try {
+    entries = fs.readdirSync(ARCHITECT_RUNS_DIR);
+  } catch (_err) { return result; }
+
+  for (const entry of entries) {
+    if (!entry.endsWith('.json')) continue;
+    const taskId = entry.slice(0, -5); // strip .json
+    if (!validateTaskId(taskId).valid) {
+      // Stray file — leave alone (could be backup or someone else's data)
+      result.kept.push(taskId);
+      continue;
+    }
+    const fullPath = path.join(ARCHITECT_RUNS_DIR, entry);
+    let stat;
+    try { stat = fs.statSync(fullPath); } catch (_err) { continue; }
+    const ageMs = now - stat.mtimeMs;
+    const isCompleted = completedIds.has(taskId);
+    const isExpired = ageMs > maxAgeMs;
+
+    // Eligible for GC: task is completed AND marker is older than maxAge,
+    // unless retainCompletedTasks is true.
+    if (isCompleted && isExpired && !retainCompletedTasks) {
+      try {
+        fs.unlinkSync(fullPath);
+        result.removed.push(taskId);
+      } catch (_err) {
+        result.kept.push(taskId);
+      }
+    } else {
+      result.kept.push(taskId);
+    }
+  }
+  return result;
+}
+
+module.exports = {
+  ARCHITECT_RUNS_DIR,
+  getArchitectRunPath,
+  writeArchitectRunMarker,
+  hasArchitectRun,
+  gcStaleMarkers
+};

package/scripts/flow-feature-dossier.js

@@ -36,6 +36,9 @@ const fs = require('node:fs');
 const path = require('node:path');
 const { execSync } = require('node:child_process');
 const { PATHS, safeJsonParse } = require('./flow-utils');
+const { globToRegex: _gtr } = require('./flow-glob');
+// Local convenience: case-insensitive glob (this module's historical default)
+const globToRegex = (pat) => _gtr(pat, 'i');
 
 const DOSSIER_DIRNAME = 'dossiers';
 const INDEX_FILENAME = 'index.json';
@@ -254,15 +257,6 @@ function matchFeatures(input = {}) {
   return Object.values(scores).sort((a, b) => b.score - a.score);
 }
 
-function globToRegex(pat) {
-  const escaped = pat
-    .replace(/[.+^${}()|[\]\\]/g, '\\$&')
-    .replace(/\*\*/g, '.__DBLSTAR__')
-    .replace(/\*/g, '[^/]*')
-    .replace(/\.__DBLSTAR__/g, '.*')
-    .replace(/\?/g, '[^/]');
-  return new RegExp(`^${escaped}$`, 'i');
-}
 
 function scaffoldDossier(slug, meta = {}) {
   if (RESERVED_SLUGS.has(slug)) {

package/scripts/flow-glob.js

@@ -0,0 +1,104 @@
+'use strict';
+
+/**
+ * Wogi Flow — Glob Matcher (wf-2eafdab0 / v2.30.1)
+ *
+ * Single source of truth for glob → regex conversion across:
+ *   - flow-standards-checker.js (forbidden-patterns exemptions)
+ *   - flow-feature-dossier.js  (dossier scope matching)
+ *   - flow-logic-rules.js      (logic-rule applies-to scope)
+ *
+ * Replaces 3 separate inline implementations (review finding M4).
+ *
+ * Semantics (security-patterns.md §4 compliant):
+ *   - single-star  matches any chars EXCEPT path separators (uses [^/]*, not .*)
+ *   - double-star  matches any chars INCLUDING path separators (uses .*)
+ *   - question     matches a single non-separator char ([^/])
+ *   - "dir/double-star" ALSO matches "dir" itself (the directory case — review M3)
+ *   - "double-star/foo" requires a directory boundary or root — does NOT match
+ *     "xfoo" as a substring of another segment (review M3)
+ *   - All regex metacharacters in literal portions are escaped.
+ *
+ * Public API:
+ *   - globToRegex(glob) → RegExp (anchored ^...$, throws if input invalid)
+ *   - globMatch(filePath, glob) → boolean (false-on-error fail-open)
+ */
+
+/** Regex metacharacters that need escaping when they appear as literal chars. */
+const REGEX_METACHARS = '.^$+(){}[]|\\';
+
+/**
+ * Convert a glob pattern to an anchored regex source string (no flags).
+ * Returns the regex source; caller wraps in `new RegExp(src)` if needed.
+ *
+ * Edge cases (notation: ★ = star — literal asterisk-slash ends JSDoc blocks).
+ * "dir/★★" → directory-or-anything-under regex; "★★/foo" → optional-prefix
+ * regex that requires a directory boundary; bare "★★" → match-anything regex.
+ */
+function globToRegexSource(glob) {
+  if (typeof glob !== 'string') throw new TypeError('glob must be a string');
+  let re = '^';
+  let i = 0;
+  while (i < glob.length) {
+    const c = glob[i];
+    // Detect `**/` — anchored anywhere or at start
+    if (c === '*' && glob[i + 1] === '*' && glob[i + 2] === '/') {
+      // `**/` matches zero-or-more directory segments + separator
+      re += '(?:.*/)?';
+      i += 3;
+    } else if (c === '/' && glob[i + 1] === '*' && glob[i + 2] === '*' && (i + 3 === glob.length || glob[i + 3] === undefined)) {
+      // `dir/**` at end: match `/anything` OR nothing (dir itself)
+      re += '(?:/.*)?';
+      i += 3;
+    } else if (c === '*' && glob[i + 1] === '*') {
+      // `**` not followed by `/` and not preceded by `/` — bare `**` matches anything
+      re += '.*';
+      i += 2;
+    } else if (c === '*') {
+      // single `*` — no path separators
+      re += '[^/]*';
+      i++;
+    } else if (c === '?') {
+      re += '[^/]';
+      i++;
+    } else if (REGEX_METACHARS.includes(c)) {
+      re += '\\' + c;
+      i++;
+    } else {
+      re += c;
+      i++;
+    }
+  }
+  re += '$';
+  return re;
+}
+
+/**
+ * Compile a glob to a RegExp object. Always anchored.
+ * @param {string} glob — pattern string
+ * @param {string} [flags=''] — RegExp flags (e.g., 'i' for case-insensitive)
+ */
+function globToRegex(glob, flags = '') {
+  return new RegExp(globToRegexSource(glob), flags);
+}
+
+/**
+ * Match a file path against a glob. Normalizes Windows-style separators
+ * to forward slashes. Returns false on any error (fail-open for callers
+ * that don't want to handle exceptions).
+ */
+function globMatch(filePath, glob) {
+  if (typeof filePath !== 'string' || typeof glob !== 'string') return false;
+  const normalized = filePath.replace(/\\/g, '/');
+  try {
+    return globToRegex(glob).test(normalized);
+  } catch (_err) {
+    return false;
+  }
+}
+
+module.exports = {
+  globToRegex,
+  globToRegexSource,
+  globMatch
+};

package/scripts/flow-logic-rules.js

@@ -33,6 +33,9 @@ const fs = require('node:fs');
 const path = require('node:path');
 const { execSync } = require('node:child_process');
 const { PATHS } = require('./flow-utils');
+const { globToRegex: _gtr } = require('./flow-glob');
+// Local convenience: case-insensitive glob (this module's historical default)
+const globToRegex = (pat) => _gtr(pat, 'i');
 const { getDossierRoots, DOSSIER_DIRNAME: _DOSSIER_DIRNAME } = require('./flow-feature-dossier');
 
 const LOGIC_RULES_FILENAME = '_logic-rules.md';
@@ -133,15 +136,6 @@ function listRules() {
   return all;
 }
 
-function globToRegex(pat) {
-  const escaped = pat
-    .replace(/[.+^${}()|[\]\\]/g, '\\$&')
-    .replace(/\*\*/g, '.__DBLSTAR__')
-    .replace(/\*/g, '[^/]*')
-    .replace(/\.__DBLSTAR__/g, '.*')
-    .replace(/\?/g, '[^/]');
-  return new RegExp(`^${escaped}$`, 'i');
-}
 
 function matchRulesForFiles(files = [], extraKeywords = []) {
   if (!Array.isArray(files)) files = [files];

package/scripts/flow-standards-checker.js

@@ -23,6 +23,7 @@ const {
   color,
   getConfig
 } = require('./flow-utils');
+const { globMatch } = require('./flow-glob');
 const {
   calculateCombinedSimilarity,
   getMatchLevel,
@@ -77,23 +78,23 @@ const MATCH_LEVEL_SEVERITY = {
 };
 
 // Task type to check type mapping for smart scoping
-// wf-00c5067b: 'hook-three-layer' added to all task types — entry-file LOC
-// + import-count rule (per .claude/rules/architecture/hook-three-layer.md)
-// is universally applicable; the exemption list in config covers known
-// pre-extraction violators (see ARCH-001, ARCH-002 in .workflow/state/last-audit.json).
+// wf-00c5067b: 'hook-three-layer' added — entry-file LOC + import-count rule.
+// wf-037f8d66: 'forbidden-patterns' added — declarative project-specific
+// patterns (agnosticism rules, no-hardcoding rules, etc.) loaded from
+// .workflow/state/forbidden-patterns.json. Empty file = no-op.
 const TASK_CHECK_MAP = {
-  'component': ['naming', 'components', 'security', 'hook-three-layer'],
-  'utility': ['naming', 'functions', 'security', 'hook-three-layer'],
-  'api': ['naming', 'api', 'security', 'hook-three-layer'],
-  'feature': ['naming', 'components', 'functions', 'api', 'schemas', 'services', 'security', 'hook-three-layer'],
-  'bugfix': ['naming', 'security', 'hook-three-layer'],
-  'refactor': ['naming', 'components', 'functions', 'api', 'schemas', 'services', 'security', 'hook-three-layer'],
-  'story': ['naming', 'components', 'functions', 'api', 'schemas', 'services', 'security', 'hook-three-layer'],
-  'default': ['naming', 'components', 'functions', 'api', 'schemas', 'services', 'security', 'hook-three-layer']
+  'component': ['naming', 'components', 'security', 'hook-three-layer', 'forbidden-patterns'],
+  'utility': ['naming', 'functions', 'security', 'hook-three-layer', 'forbidden-patterns'],
+  'api': ['naming', 'api', 'security', 'hook-three-layer', 'forbidden-patterns'],
+  'feature': ['naming', 'components', 'functions', 'api', 'schemas', 'services', 'security', 'hook-three-layer', 'forbidden-patterns'],
+  'bugfix': ['naming', 'security', 'hook-three-layer', 'forbidden-patterns'],
+  'refactor': ['naming', 'components', 'functions', 'api', 'schemas', 'services', 'security', 'hook-three-layer', 'forbidden-patterns'],
+  'story': ['naming', 'components', 'functions', 'api', 'schemas', 'services', 'security', 'hook-three-layer', 'forbidden-patterns'],
+  'default': ['naming', 'components', 'functions', 'api', 'schemas', 'services', 'security', 'hook-three-layer', 'forbidden-patterns']
 };
 
 // All available check types
-const ALL_CHECK_TYPES = ['naming', 'components', 'functions', 'api', 'schemas', 'services', 'security', 'hook-three-layer'];
+const ALL_CHECK_TYPES = ['naming', 'components', 'functions', 'api', 'schemas', 'services', 'security', 'hook-three-layer', 'forbidden-patterns'];
 
 // ============================================================================
 // Parse Standards Files
@@ -639,6 +640,181 @@ function checkHookThreeLayer(file, hookThreeLayerConfig = {}) {
   return violations;
 }
 
+/**
+ * wf-037f8d66 — Check forbidden patterns from project's declarative rule pack.
+ *
+ * Projects declare their forbidden patterns in `.workflow/state/forbidden-patterns.json`.
+ * This is the GENERIC, DATA-DRIVEN counterpart to checkSecurityPatterns (which is
+ * source-coded). Projects can encode "agnosticism" rules, "no-hardcoding" rules,
+ * "no-claude-code-literal-outside-docs" rules, etc., without modifying the checker.
+ *
+ * Format (forbidden-patterns.json):
+ *   [
+ *     {
+ *       "id": "no-claude-code-literal",
+ *       "pattern": "['\"]claude-code['\"]",      // RegExp source string
+ *       "flags": "g",                             // optional, defaults to 'g'
+ *       "exemptions": ["docs/**", "*.md", "reference/**"],
+ *       "severity": "must-fix",                   // 'must-fix' | 'warning'
+ *       "message": "wogiflow-cli is agnostic; ..."
+ *     }
+ *   ]
+ *
+ * @param {Object} file — { path, content }
+ * @param {Object[]} patterns — array of pattern entries
+ * @returns {Object[]} violations
+ */
+function checkForbiddenPatterns(file, patterns) {
+  const violations = [];
+  if (!Array.isArray(patterns) || patterns.length === 0) return violations;
+
+  const content = file.content || '';
+  const relPath = file.path.startsWith('/')
+    ? path.relative(PATHS.root, file.path)
+    : file.path;
+
+  // AC3 (M1 fix): per-file content size cap. Skip files that exceed the cap;
+  // attacker-supplied or accidentally-huge inputs can't lock the matcher.
+  if (content.length > DEFAULT_MAX_CONTENT_BYTES) {
+    return violations; // silently skip — large file, no scan
+  }
+
+  for (const entry of patterns) {
+    if (!entry || typeof entry !== 'object') continue;
+    if (!entry.pattern || typeof entry.pattern !== 'string') continue;
+
+    // Exemption check (glob match against relative path)
+    const exemptions = Array.isArray(entry.exemptions) ? entry.exemptions : [];
+    const exempted = exemptions.some(glob => globMatch(relPath, glob));
+    if (exempted) continue;
+
+    // AC3 (M1 fix): pre-compile reject of catastrophic-backtracking patterns.
+    const catRisk = detectCatastrophicPattern(entry.pattern);
+    if (catRisk) {
+      violations.push({
+        type: 'forbidden-pattern-malformed',
+        severity: 'warning',
+        file: file.path,
+        line: 1,
+        message: `Pattern "${entry.id || entry.pattern}" rejected pre-compile: ${catRisk}`,
+        rule: `forbidden-patterns.json: ${entry.id || '(unnamed)'}`
+      });
+      continue; // don't compile or run the dangerous pattern
+    }
+
+    // Compile regex
+    let re;
+    try {
+      const flags = entry.flags && typeof entry.flags === 'string' ? entry.flags : 'g';
+      re = new RegExp(entry.pattern, flags);
+    } catch (_err) {
+      // Invalid regex — skip (don't crash check)
+      continue;
+    }
+
+    // Match — with wall-clock budget (AC3/M1 fix).
+    let match;
+    re.lastIndex = 0;
+    const deadline = Date.now() + DEFAULT_MATCH_BUDGET_MS;
+    while ((match = re.exec(content)) !== null) {
+      // Budget check: bail out gracefully if the matcher takes too long.
+      // Acceptable to drop late matches — defends against ReDoS, not a
+      // correctness guarantee.
+      if (Date.now() > deadline) {
+        violations.push({
+          type: 'forbidden-pattern-timeout',
+          severity: 'warning',
+          file: file.path,
+          line: 1,
+          message: `Pattern "${entry.id || entry.pattern}" exceeded ${DEFAULT_MATCH_BUDGET_MS}ms budget on this file — partial results, scan aborted.`,
+          rule: `forbidden-patterns.json: ${entry.id || '(unnamed)'}`
+        });
+        break;
+      }
+      const before = content.substring(0, match.index);
+      const lineNumber = (before.match(/\n/g) || []).length + 1;
+      violations.push({
+        type: 'forbidden-pattern',
+        severity: entry.severity === 'warning' ? 'warning' : 'must-fix',
+        file: file.path,
+        line: lineNumber,
+        message: entry.message || `Forbidden pattern matched: ${entry.id || entry.pattern}`,
+        rule: `forbidden-patterns.json: ${entry.id || '(unnamed)'}`
+      });
+
+      // Avoid infinite loop on zero-length matches
+      if (match.index === re.lastIndex) re.lastIndex++;
+    }
+  }
+
+  return violations;
+}
+
+// Note: globMatch was extracted to scripts/flow-glob.js (review M4 fix —
+// kills 3 separate inline implementations). Imported at top of this file.
+
+/**
+ * Detect catastrophic-backtracking regex patterns BEFORE compilation.
+ * Returns a reason string if the pattern looks ReDoS-prone, null otherwise.
+ *
+ * Heuristic: nested quantifiers like (a+)+, (.*)*, ([a-z]+)+ are the canonical
+ * shape. We don't claim to catch every adversarial pattern — just the common
+ * ones. Per AC3 (review M1 fix).
+ */
+function detectCatastrophicPattern(patternSrc) {
+  if (typeof patternSrc !== 'string') return null;
+  // Match: ( ... <quantifier> ) <quantifier>
+  // Where quantifier is one of: +, *, {n,m}
+  const NESTED = /\([^()]*[+*][^()]*\)\s*[+*]/;
+  if (NESTED.test(patternSrc)) {
+    return 'nested-quantifier (e.g., (a+)+, (.*)*, ([a-z]+)+) — catastrophic backtracking risk';
+  }
+  return null;
+}
+
+const DEFAULT_MAX_CONTENT_BYTES = 1_000_000; // 1MB
+const DEFAULT_MATCH_BUDGET_MS = 200;
+
+/**
+ * Load forbidden-patterns.json from project state dir.
+ * Uses safeJsonParse (per security-patterns.md §2 — review H1 fix).
+ * Emits stderr warning when state dir exists but file does NOT (AC2/H2 — silent
+ * no-op detection) and when file exists but parse fails (AC12/L2).
+ * @returns {Object[]} pattern entries (empty array if missing/invalid)
+ */
+function loadForbiddenPatterns(projectRoot) {
+  const root = projectRoot || PATHS.root;
+  const stateDir = path.join(root, '.workflow', 'state');
+  const filePath = path.join(stateDir, 'forbidden-patterns.json');
+  if (!fs.existsSync(filePath)) {
+    // AC2/H2: warn when state dir is initialized but pack is missing.
+    // Mirrors the CL-004 stderr-warn pattern in pre-tool-deps.js — silently
+    // shimming a missing rule pack masks broken installs.
+    if (fs.existsSync(stateDir) && process.env.WOGI_QUIET !== '1') {
+      console.error(
+        '[Standards] forbidden-patterns.json not found at .workflow/state/ — feature ' +
+        'inactive this run. Run `flow init --force` or copy from ' +
+        '.workflow/state/forbidden-patterns.json.template to enable.'
+      );
+    }
+    return [];
+  }
+  // AC1/H1 fix: use safeJsonParse instead of raw JSON.parse(fs.readFileSync(...))
+  const parsed = safeJsonParse(filePath, null);
+  if (parsed === null) {
+    // AC12/L2: warn when the file exists but parse failed (syntax error).
+    if (process.env.WOGI_QUIET !== '1') {
+      console.error(
+        '[Standards] forbidden-patterns.json failed to parse — feature disabled this run. ' +
+        'Check for trailing commas / mismatched braces.'
+      );
+    }
+    return [];
+  }
+  if (!Array.isArray(parsed)) return [];
+  return parsed;
+}
+
 function checkApiDuplication(file, existingEndpoints, matchConfig) {
   const violations = [];
   const content = file.content || '';
@@ -1090,6 +1266,8 @@ function runStandardsCheck(files, options = {}) {
   const functions = checksToRun.includes('functions') ? parseFunctionMap() : [];
   const endpoints = checksToRun.includes('api') ? parseApiMap() : [];
   const rulesFiles = checksToRun.includes('security') ? loadRulesDir() : [];
+  // wf-037f8d66: load forbidden-patterns.json (empty array if missing)
+  const forbiddenPatterns = checksToRun.includes('forbidden-patterns') ? loadForbiddenPatterns() : [];
 
   // Load schema/service registries if needed
   const schemas = checksToRun.includes('schemas') ? parseSchemaMap() : [];
@@ -1115,7 +1293,8 @@ function runStandardsCheck(files, options = {}) {
     'service-map.md': { checked: checksToRun.includes('services') && services.length > 0, violations: 0 },
     'naming-conventions': { checked: checksToRun.includes('naming'), violations: 0 },
     'security-patterns': { checked: checksToRun.includes('security'), violations: 0 },
-    'hook-three-layer': { checked: checksToRun.includes('hook-three-layer'), violations: 0 }
+    'hook-three-layer': { checked: checksToRun.includes('hook-three-layer'), violations: 0 },
+    'forbidden-patterns': { checked: checksToRun.includes('forbidden-patterns') && forbiddenPatterns.length > 0, violations: 0 }
   };
 
   for (const file of files) {
@@ -1181,6 +1360,13 @@ function runStandardsCheck(files, options = {}) {
       allViolations.push(...hookViolations);
       checksSummary['hook-three-layer'].violations += hookViolations.length;
     }
+
+    // Forbidden patterns from project rule pack (wf-037f8d66)
+    if (checksToRun.includes('forbidden-patterns') && forbiddenPatterns.length > 0) {
+      const fpViolations = checkForbiddenPatterns(file, forbiddenPatterns);
+      allViolations.push(...fpViolations);
+      checksSummary['forbidden-patterns'].violations += fpViolations.length;
+    }
   }
 
   // Count must-fix violations
@@ -1415,6 +1601,9 @@ module.exports = {
   checkRegistryDuplication,
   checkSecurityPatterns,
   checkHookThreeLayer,
+  checkForbiddenPatterns, // wf-037f8d66: declarative project rule pack
+  loadForbiddenPatterns, // wf-037f8d66: exposed for tests + external use
+  globMatch, // wf-037f8d66: exposed for unit testing
   extractDeclaredNames,
   discoverAllRegistries,
   collectReuseCandidates,

package/scripts/hooks/core/architect-required-gate.js

@@ -0,0 +1,124 @@
+'use strict';
+
+/**
+ * Wogi Flow - Architect-Required Gate (wf-037f8d66, hardened in wf-2eafdab0)
+ *
+ * Closes the methodology gap where the IGR Architect/Adversary pass at
+ * spec_review IS specced (per .claude/docs/phases/02-spec.md) but enforcement
+ * is prompt-only — the agent can skip Architect and go straight to coding.
+ *
+ * This gate fires on Edit/Write/Bash during the `coding` phase for L1+ tasks
+ * when config.intentGroundedReasoning.enabled is true and no evidence of an
+ * Architect run exists for the current task.
+ *
+ * Evidence marker: read from flow-architect-runs.js (the neutral-location
+ * module that BOTH this gate and flow-architect-pass.js consume — keeps
+ * hooks/core from owning state hooks/core's parents need to write to).
+ *
+ * Scope:
+ *   - L0 (epic) / L1 (story) tasks: Architect required → gate enforces
+ *   - L2 / L3 tasks: skip spec_review entirely (correctly) → gate is a no-op
+ *   - type=story/epic with MISSING level: fail-closed (treat as L1)
+ *
+ * Mutation set: Edit, Write, Bash (NOT TodoWrite — review finding M8: blocking
+ * planning before coding is chicken-and-egg).
+ *
+ * Fail-open: any error reading state/config → allow tool call.
+ */
+
+const archRuns = require('../../flow-architect-runs');
+const { hasArchitectRun, getArchitectRunPath, writeArchitectRunMarker } = archRuns;
+
+/**
+ * Determine whether the current task requires Architect.
+ *
+ * Returns true for:
+ *   - L0 (epic), L1 (story)
+ *   - type=story OR type=epic with MISSING/empty level (fail-closed — review M2)
+ *
+ * Returns false for:
+ *   - explicit L2 / L3 (regardless of type)
+ *   - missing/null taskMeta
+ *   - unknown type with no level signal
+ */
+function requiresArchitect(taskMeta) {
+  if (!taskMeta || typeof taskMeta !== 'object') return false;
+  const level = (taskMeta.level || '').toUpperCase();
+  // Explicit level takes precedence
+  if (level === 'L0' || level === 'L1') return true;
+  if (level === 'L2' || level === 'L3') return false;
+  // No explicit level — fail-closed for stories/epics (M2 fix).
+  // A task created without a level field is untracked-by-pipeline; treating
+  // it as "doesn't need architect" lets bypass slip through. Stories/epics
+  // are exactly the work-types Architect is for.
+  const type = (taskMeta.type || '').toLowerCase();
+  if (type === 'story' || type === 'epic') return true;
+  return false;
+}
+
+/**
+ * Read whether the gate is enabled from config.
+ * Default: enabled when IGR is enabled.
+ */
+function isGateEnabled(config) {
+  const igr = config?.intentGroundedReasoning;
+  if (!igr || igr.enabled === false) return false;
+  if (config?.architectRequiredGate?.enabled === false) return false;
+  return true;
+}
+
+/**
+ * Main gate check.
+ *
+ * @param {Object} ctx — { phase, taskId, taskMeta, config, toolName, specPath? }
+ * @returns {{ blocked: boolean, reason?: string, message?: string }}
+ */
+function checkArchitectRequired(ctx) {
+  const { phase, taskId, taskMeta, config, toolName, specPath } = ctx || {};
+
+  // Mutation set: Edit/Write/Bash only. TodoWrite removed (M8).
+  const mutationTools = new Set(['Edit', 'Write', 'Bash']);
+  if (!toolName || !mutationTools.has(toolName)) return { blocked: false };
+
+  // Only fires during coding phase
+  if (phase !== 'coding') return { blocked: false };
+
+  // Gate disabled (or IGR off)
+  if (!isGateEnabled(config)) return { blocked: false };
+
+  // No active task → not in scope
+  if (!taskId) return { blocked: false };
+
+  // L2/L3 tasks correctly bypass spec_review — gate is a no-op
+  if (!requiresArchitect(taskMeta)) return { blocked: false };
+
+  // Check evidence marker (with content validation + optional specHash check)
+  if (hasArchitectRun(taskId, specPath)) return { blocked: false };
+
+  return {
+    blocked: true,
+    reason: 'architect-required',
+    message: [
+      `ARCHITECT-REQUIRED GATE: task ${taskId} is L1+ in coding phase but no `,
+      `valid Architect run is recorded at ${getArchitectRunPath(taskId)}.\n\n`,
+      `Per .claude/docs/phases/02-spec.md Step 1.55, L1+ tasks must run an `,
+      `Architect pass before coding. Invoke:\n\n`,
+      `  node scripts/flow-architect-pass.js run --task=${taskId}\n\n`,
+      `Then retry your edit. To opt out for this task only, set `,
+      `config.architectRequiredGate.enabled = false (project-level).`
+    ].join('')
+  };
+}
+
+module.exports = {
+  checkArchitectRequired,
+  // Re-exports from flow-architect-runs for backward compat with existing
+  // test suite + flow-architect-pass.js. These pass-throughs let consumers
+  // who already require the gate continue to work; new consumers should
+  // prefer require('../../flow-architect-runs') directly.
+  requiresArchitect,
+  isGateEnabled,
+  hasArchitectRun,
+  getArchitectRunPath,
+  writeArchitectRunMarker
+};

package/scripts/hooks/core/pre-tool-deps.js

@@ -58,6 +58,15 @@ function loadGateDeps() {
     if (process.env.DEBUG) console.error(`[Hook] Phase-read gate not loaded: ${_err.message}`);
   }
 
+  // wf-037f8d66: Architect-required gate (mechanical Layer 2 enforcement)
+  let checkArchitectRequired = () => ({ blocked: false });
+  try {
+    const arg = require('./architect-required-gate');
+    checkArchitectRequired = arg.checkArchitectRequired;
+  } catch (_err) {
+    if (process.env.DEBUG) console.error(`[Hook] Architect-required gate not loaded: ${_err.message}`);
+  }
+
   let recordEvidenceRead = () => {};
   let checkSpecWriteGate = _phaseNoop;
   let clearResearchEvidence = () => {};
@@ -168,6 +177,7 @@ function loadGateDeps() {
     checkRoutingGate, clearRoutingPending, hasActiveTask,
     checkPhaseGate, checkCommitLogGate,
     recordPhaseRead, checkPhaseReadGate, clearPhaseReads,
+    checkArchitectRequired, // wf-037f8d66
     recordEvidenceRead, checkSpecWriteGate, clearResearchEvidence,
     checkDeployGate, checkWriteBlock,
     checkStrikeGate, checkBugfixScope, checkScopeMutation,

package/scripts/hooks/core/pre-tool-helpers.js

@@ -64,9 +64,47 @@ function isAllGatesDisabled(hookStatus) {
   );
 }
 
+/**
+ * Resolve the current workflow phase + task meta from state files.
+ *
+ * Reads `.workflow/state/workflow-phase.json` for { phase, taskId }, then
+ * looks up the matching task in `ready.json.inProgress` for full taskMeta.
+ *
+ * Fail-open everywhere: any read/parse error → returns the partial state
+ * resolved so far. Multiple gates may need this context; centralizing here
+ * stops the inline-block proliferation flagged by review L3.
+ *
+ * @returns {{phase: string, taskId: string|null, taskMeta: object|null}}
+ */
+function resolveCurrentTaskContext() {
+  const path = require('node:path');
+  const flowUtils = require('../../flow-utils');
+  const flowIo = require('../../flow-io');
+  let phase = 'idle';
+  let taskId = null;
+  let taskMeta = null;
+  try {
+    const phaseStatePath = path.join(flowUtils.PATHS.state, 'workflow-phase.json');
+    const ps = flowIo.safeJsonParse(phaseStatePath, null);
+    if (ps) {
+      phase = ps.phase || 'idle';
+      taskId = ps.taskId || null;
+    }
+  } catch (_err) { /* fail-open */ }
+  if (taskId) {
+    try {
+      const ready = flowUtils.getReadyData ? flowUtils.getReadyData() : null;
+      const inProgress = (ready && Array.isArray(ready.inProgress)) ? ready.inProgress : [];
+      taskMeta = inProgress.find(t => t && t.id === taskId) || null;
+    } catch (_err) { /* fail-open */ }
+  }
+  return { phase, taskId, taskMeta };
+}
+
 module.exports = {
   VALID_AGENT_TYPES,
   READ_ONLY_AGENT_TYPES,
   parseSubagentContext,
   isAllGatesDisabled,
+  resolveCurrentTaskContext,
 };

package/scripts/hooks/core/pre-tool-orchestrator.js

@@ -118,6 +118,33 @@ function runPreToolGates(ctx, deps) {
     }
   }
 
+  // Architect-required gate (wf-037f8d66, hardened wf-2eafdab0)
+  // L1+ tasks in coding phase must have run Architect/Adversary before any Edit/Write/Bash.
+  // TodoWrite removed from gate set (review M8 fix — planning-tool chicken-and-egg).
+  // L2/L3 tasks bypass spec_review entirely (correctly), so the gate is a no-op there.
+  // Task context resolution extracted to resolveCurrentTaskContext (review L3 fix).
+  // Fail-open on any error.
+  if (typeof deps.checkArchitectRequired === 'function' &&
+      (toolName === 'Edit' || toolName === 'Write' || toolName === 'Bash')) {
+    try {
+      const { resolveCurrentTaskContext } = require('./pre-tool-helpers');
+      const { phase, taskId, taskMeta } = resolveCurrentTaskContext();
+      const archResult = deps.checkArchitectRequired({
+        phase, taskId, taskMeta, config, toolName
+      });
+      if (archResult.blocked) {
+        return {
+          allowed: false,
+          blocked: true,
+          reason: archResult.reason || 'architect-required',
+          message: archResult.message,
+        };
+      }
+    } catch (_err) {
+      if (process.env.DEBUG) console.error(`[Hook] Architect-required gate error (fail-open): ${_err.message}`);
+    }
+  }
+
   // wf-f9912af6: Deferral-authorization gate. Blocks Write/Edit to
   // last-review.json / last-audit.json when the new content introduces
   // `status: deferred*` on findings without explicit user authorization.

package/scripts/hooks/core/session-end.js

@@ -68,6 +68,18 @@ function handleSessionEnd(input) {
       result.logged = false;
     }
 
+    // wf-2eafdab0 (AC8): GC stale architect-run markers for completed tasks.
+    // Markers in `.workflow/state/architect-runs/` accumulate forever otherwise;
+    // task-id collision (re-used fixtures, manual ID re-use) bypasses the gate.
+    // Fail-open everywhere — never block session end.
+    try {
+      const { gcStaleMarkers } = require('../../flow-architect-runs');
+      const gc = gcStaleMarkers(); // default 7-day retention for completed tasks
+      if (gc && gc.removed && gc.removed.length > 0) {
+        result.architectMarkerGc = { removed: gc.removed.length };
+      }
+    } catch (_err) { /* non-critical */ }
+
     // Surface pending skill proposals staged by `flow skill propose|patch|remove`.
     // These await user approval (`flow skill promote|reject`) at session end.
     try {

package/scripts/postinstall.js

@@ -148,6 +148,31 @@ function createMinimalStructure() {
       }, null, 2), { mode: FILE_MODE });
     }
   }
+
+  // wf-2eafdab0 (AC2/H2): Create forbidden-patterns.json from template on fresh
+  // installs. Idempotent — never overwrites an existing file. Without this, the
+  // declarative-forbidden-pattern feature ships as a silent no-op (the v2.30.0
+  // bug this commit fixes).
+  const forbiddenPatternsPath = path.join(STATE_DIR, 'forbidden-patterns.json');
+  if (!fs.existsSync(forbiddenPatternsPath)) {
+    const fpTemplate = path.join(STATE_DIR, 'forbidden-patterns.json.template');
+    try {
+      const rawContent = fs.existsSync(fpTemplate)
+        ? fs.readFileSync(fpTemplate, 'utf-8')
+        : '[]';
+      const parsed = safeJsonParseString(rawContent, []);
+      fs.writeFileSync(
+        forbiddenPatternsPath,
+        JSON.stringify(parsed, null, 2),
+        { mode: FILE_MODE }
+      );
+    } catch (err) {
+      if (process.env.DEBUG) {
+        console.error(`[postinstall] forbidden-patterns template error: ${err.message}`);
+      }
+      fs.writeFileSync(forbiddenPatternsPath, '[]\n', { mode: FILE_MODE });
+    }
+  }
 }
 
 /**