wogiflow 2.30.0 → 2.30.1

package/.workflow/state/forbidden-patterns.json.template

@@ -0,0 +1,15 @@
+[
+  {
+    "id": "no-claude-code-literal-in-core",
+    "pattern": "claude-code|tool_name|tool_input",
+    "flags": "i",
+    "severity": "must-fix",
+    "message": "Hooks/core files must not reference CLI-specific identifiers (claude-code, tool_name, tool_input). Use the normalized toolName / toolInput parameters from the orchestrator (CLI-agnostic). See .claude/rules/architecture/hook-three-layer.md.",
+    "exemptions": [
+      "scripts/hooks/entry/**",
+      "scripts/hooks/adapters/**",
+      "tests/**",
+      "**/*.test.js"
+    ]
+  }
+]

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wogiflow",
-  "version": "2.30.0",
+  "version": "2.30.1",
   "description": "AI-powered development workflow management system with multi-model support",
   "main": "lib/index.js",
   "bin": {
@@ -10,7 +10,7 @@
   },
   "scripts": {
     "flow": "./scripts/flow",
-    "test": "NODE_ENV=test node --test tests/auto-compact-prompt.test.js tests/flow-paths.test.js tests/flow-io.test.js tests/flow-audit-gates.test.js tests/flow-standards-hook-three-layer.test.js tests/flow-correction-detector-reconcile.test.js tests/flow-correction-backfill.test.js tests/flow-audit-gates-feature-output-health.test.js tests/flow-config-loader.test.js tests/flow-damage-control.test.js tests/flow-output.test.js tests/flow-constants.test.js tests/flow-session-state.test.js tests/flow-hooks-integration.test.js tests/flow-utils.test.js tests/flow-security.test.js tests/flow-memory-db.test.js tests/flow-durable-session.test.js tests/flow-skill-matcher.test.js tests/flow-bridge.test.js tests/flow-proactive-compact.test.js tests/flow-cascade-completion.test.js tests/flow-capture-gate.test.js tests/flow-correction-detector-hybrid.test.js tests/flow-promote.test.js tests/flow-archive-runs.test.js tests/flow-memory.test.js tests/flow-hooks-pre-tool-helpers.test.js tests/flow-hooks-bugfix-scope-gate.test.js tests/flow-hooks-routing-gate.test.js tests/flow-hooks-phase-read-gate.test.js tests/flow-hooks-commit-log-gate.test.js tests/flow-hooks-deploy-gate.test.js tests/flow-hooks-todowrite-gate.test.js tests/flow-hooks-git-safety-gate.test.js tests/flow-hooks-scope-mutation-gate.test.js tests/flow-hooks-strike-gate.test.js tests/flow-hooks-component-check.test.js tests/flow-hooks-scope-gate.test.js tests/flow-hooks-implementation-gate.test.js tests/flow-hooks-research-gate.test.js tests/flow-hooks-loop-check.test.js tests/flow-hooks-manager-boundary-gate.test.js tests/flow-hooks-phase-gate.test.js tests/flow-hooks-pre-tool-orchestrator.test.js tests/flow-hooks-observation-capture.test.js tests/flow-hooks-task-gate.test.js tests/flow-durable-session-suspension.test.js tests/flow-health-mcp-scopes.test.js tests/flow-lean-config.test.js tests/flow-workspace-autopickup.test.js tests/flow-worker-boundary-gate.test.js tests/flow-worker-question-classifier.test.js tests/flow-completion-truth-gate-contradictions.test.js tests/flow-structure-sensor.test.js tests/flow-workspace-dispatch-tracking.test.js tests/workspace-ipc-sqlite.test.js tests/workspace-ipc-multi-worker.test.js tests/flow-story-gates.test.js tests/flow-workspace-restart-handoff.test.js tests/flow-wogi-claude-wrapper.test.js tests/flow-wave1-integrations.test.js tests/flow-wave2-integrations.test.js tests/flow-wave3-integrations.test.js tests/flow-commit-claims-gate.test.js tests/auto-review.test.js tests/gate-telemetry-surface.test.js tests/agents-md-alias.test.js tests/flow-skill-manage.test.js tests/fuzzy-patch.test.js tests/mode-schema.test.js tests/flow-feature-dossier.test.js tests/flow-autonomous-mode.test.js tests/flow-epic-cascade.test.js tests/flow-workspace-summary.test.js tests/flow-hooks-research-evidence-gate.test.js tests/flow-worker-mcp-strip.test.js tests/flow-orchestrate-corrections.test.js tests/flow-source-fidelity.test.js tests/flow-hooks-long-input-enforcement.test.js tests/workspace-channel-tracking.test.js tests/flow-hooks-deletion-log.test.js tests/flow-task-boundary-reset.test.js tests/flow-deferral-gate.test.js tests/flow-research-required-gate.test.js tests/flow-standards-forbidden-patterns.test.js tests/flow-hooks-architect-required-gate.test.js && NODE_ENV=test node tests/run-quality-gates.test.js",
+    "test": "NODE_ENV=test node --test tests/auto-compact-prompt.test.js tests/flow-paths.test.js tests/flow-io.test.js tests/flow-audit-gates.test.js tests/flow-standards-hook-three-layer.test.js tests/flow-correction-detector-reconcile.test.js tests/flow-correction-backfill.test.js tests/flow-audit-gates-feature-output-health.test.js tests/flow-config-loader.test.js tests/flow-damage-control.test.js tests/flow-output.test.js tests/flow-constants.test.js tests/flow-session-state.test.js tests/flow-hooks-integration.test.js tests/flow-utils.test.js tests/flow-security.test.js tests/flow-memory-db.test.js tests/flow-durable-session.test.js tests/flow-skill-matcher.test.js tests/flow-bridge.test.js tests/flow-proactive-compact.test.js tests/flow-cascade-completion.test.js tests/flow-capture-gate.test.js tests/flow-correction-detector-hybrid.test.js tests/flow-promote.test.js tests/flow-archive-runs.test.js tests/flow-memory.test.js tests/flow-hooks-pre-tool-helpers.test.js tests/flow-hooks-bugfix-scope-gate.test.js tests/flow-hooks-routing-gate.test.js tests/flow-hooks-phase-read-gate.test.js tests/flow-hooks-commit-log-gate.test.js tests/flow-hooks-deploy-gate.test.js tests/flow-hooks-todowrite-gate.test.js tests/flow-hooks-git-safety-gate.test.js tests/flow-hooks-scope-mutation-gate.test.js tests/flow-hooks-strike-gate.test.js tests/flow-hooks-component-check.test.js tests/flow-hooks-scope-gate.test.js tests/flow-hooks-implementation-gate.test.js tests/flow-hooks-research-gate.test.js tests/flow-hooks-loop-check.test.js tests/flow-hooks-manager-boundary-gate.test.js tests/flow-hooks-phase-gate.test.js tests/flow-hooks-pre-tool-orchestrator.test.js tests/flow-hooks-observation-capture.test.js tests/flow-hooks-task-gate.test.js tests/flow-durable-session-suspension.test.js tests/flow-health-mcp-scopes.test.js tests/flow-lean-config.test.js tests/flow-workspace-autopickup.test.js tests/flow-worker-boundary-gate.test.js tests/flow-worker-question-classifier.test.js tests/flow-completion-truth-gate-contradictions.test.js tests/flow-structure-sensor.test.js tests/flow-workspace-dispatch-tracking.test.js tests/workspace-ipc-sqlite.test.js tests/workspace-ipc-multi-worker.test.js tests/flow-story-gates.test.js tests/flow-workspace-restart-handoff.test.js tests/flow-wogi-claude-wrapper.test.js tests/flow-wave1-integrations.test.js tests/flow-wave2-integrations.test.js tests/flow-wave3-integrations.test.js tests/flow-commit-claims-gate.test.js tests/auto-review.test.js tests/gate-telemetry-surface.test.js tests/agents-md-alias.test.js tests/flow-skill-manage.test.js tests/fuzzy-patch.test.js tests/mode-schema.test.js tests/flow-feature-dossier.test.js tests/flow-autonomous-mode.test.js tests/flow-epic-cascade.test.js tests/flow-workspace-summary.test.js tests/flow-hooks-research-evidence-gate.test.js tests/flow-worker-mcp-strip.test.js tests/flow-orchestrate-corrections.test.js tests/flow-source-fidelity.test.js tests/flow-hooks-long-input-enforcement.test.js tests/workspace-channel-tracking.test.js tests/flow-hooks-deletion-log.test.js tests/flow-task-boundary-reset.test.js tests/flow-deferral-gate.test.js tests/flow-research-required-gate.test.js tests/flow-standards-forbidden-patterns.test.js tests/flow-hooks-architect-required-gate.test.js tests/flow-architect-runs.test.js && NODE_ENV=test node tests/run-quality-gates.test.js",
     "test:syntax": "find scripts/ lib/ -name '*.js' -not -path '*/node_modules/*' -exec node --check {} +",
     "lint": "eslint scripts/ lib/ tests/",
     "lint:ci": "eslint scripts/ lib/ tests/ --max-warnings 0",

package/scripts/flow-architect-pass.js

@@ -480,16 +480,19 @@ function recordTelemetry({ taskId, parseResult, gateResult, runCtx = {} }) {
     },
   });
 
-  // wf-037f8d66: Write Architect-run marker for the architect-required PreToolUse gate.
-  // Marker proves Architect ran for this task — gate consults it before allowing
-  // Edit/Write/Bash in coding phase for L1+ tasks. Fail-open on any error.
+  // wf-037f8d66 / wf-2eafdab0: Write Architect-run marker for the architect-required
+  // PreToolUse gate. Marker proves Architect ran for this task — gate consults it
+  // before allowing Edit/Write/Bash in coding phase for L1+ tasks. Fail-open on any
+  // error. Imports from flow-architect-runs.js (neutral location — review M5 fix:
+  // hooks/core no longer owns the marker store, killing the cross-direction dep).
   if (taskId && (telemetryVerdict === 'PASS' || telemetryVerdict === 'PASS_WITH_NOTES')) {
     try {
-      const archGate = require('./hooks/core/architect-required-gate');
-      archGate.writeArchitectRunMarker({
+      const archRuns = require('./flow-architect-runs');
+      archRuns.writeArchitectRunMarker({
         taskId,
         model: runCtx.model || null,
         plan: parseResult?.plan ? { sections: sectionsPresent } : null,
+        specPath: runCtx.specPath || null, // AC15: enables specHash staleness detection
       });
     } catch (_err) { /* fail-open */ }
   }

package/scripts/flow-architect-runs.js

@@ -0,0 +1,194 @@
+'use strict';
+
+/**
+ * Wogi Flow — Architect-Run Marker Store (wf-2eafdab0 / v2.30.1)
+ *
+ * Owns the read/write/GC operations for Architect-run evidence markers
+ * stored at `.workflow/state/architect-runs/<task-id>.json`.
+ *
+ * Why this lives in scripts/ (not hooks/core/): the architect-required gate
+ * READS markers; flow-architect-pass.js WRITES markers. With both helpers
+ * in hooks/core, we'd invert the established hooks-depend-on-scripts
+ * direction (review finding M5). This module is the neutral home both
+ * callers consume from.
+ *
+ * Public API:
+ *   - getArchitectRunPath(taskId) → string|null (validateTaskId guarded)
+ *   - writeArchitectRunMarker({taskId, model, plan, specPath}) → {written, path}
+ *   - hasArchitectRun(taskId, currentSpecPath?) → boolean (content-validated)
+ *   - gcStaleMarkers({maxAgeMs?, retainCompletedTasks?}) → {removed, kept}
+ *   - ARCHITECT_RUNS_DIR (constant)
+ *
+ * Hardening this round (review-fix v2.30.1):
+ *   - AC9:  hasArchitectRun validates JSON parse + taskId field match
+ *   - AC11: validateTaskId guard before path.join (path-traversal defense)
+ *   - AC14: tmp file unlinked on rename failure
+ *   - AC15: specHash (sha256) in marker payload for staleness detection
+ *   - AC8:  gcStaleMarkers removes completed-task markers older than maxAgeMs
+ */
+
+const path = require('node:path');
+const fs = require('node:fs');
+const crypto = require('node:crypto');
+const { PATHS, safeJsonParse, validateTaskId, getReadyData } = require('./flow-utils');
+
+const ARCHITECT_RUNS_DIR = path.join(PATHS.state, 'architect-runs');
+const DEFAULT_GC_MAX_AGE_MS = 7 * 24 * 60 * 60 * 1000; // 7 days
+
+/**
+ * Compute path to the Architect-run evidence marker.
+ * Returns null if taskId fails validateTaskId (path-traversal defense).
+ */
+function getArchitectRunPath(taskId) {
+  if (!taskId || typeof taskId !== 'string') return null;
+  // validateTaskId returns { valid, format }, not a bool — check the field.
+  const v = validateTaskId(taskId);
+  if (!v || v.valid !== true) return null;
+  return path.join(ARCHITECT_RUNS_DIR, `${taskId}.json`);
+}
+
+/**
+ * Compute sha256 of a file's content. Returns null if file missing/unreadable.
+ */
+function _hashFile(filePath) {
+  if (!filePath) return null;
+  try {
+    const content = fs.readFileSync(filePath, 'utf-8');
+    return crypto.createHash('sha256').update(content).digest('hex');
+  } catch (_err) {
+    return null;
+  }
+}
+
+/**
+ * Write Architect-run marker. Atomic temp-then-rename. Tmp file unlinked
+ * on rename failure (no leaked tmp files).
+ */
+function writeArchitectRunMarker(payload) {
+  if (!payload || !payload.taskId) {
+    return { written: false, path: null };
+  }
+  const filePath = getArchitectRunPath(payload.taskId);
+  if (!filePath) {
+    return { written: false, path: null };
+  }
+  const tmpPath = `${filePath}.tmp-${process.pid}`;
+  try {
+    if (!fs.existsSync(ARCHITECT_RUNS_DIR)) {
+      fs.mkdirSync(ARCHITECT_RUNS_DIR, { recursive: true });
+    }
+    const marker = {
+      taskId: payload.taskId,
+      completedAt: payload.completedAt || new Date().toISOString(),
+      model: payload.model || null,
+      plan: payload.plan || null,
+      specHash: payload.specPath ? _hashFile(payload.specPath) : null,
+      specPath: payload.specPath || null
+    };
+    fs.writeFileSync(tmpPath, JSON.stringify(marker, null, 2));
+    fs.renameSync(tmpPath, filePath);
+    return { written: true, path: filePath };
+  } catch (_err) {
+    // Clean up the tmp file if rename failed — don't leak.
+    try { fs.unlinkSync(tmpPath); } catch (_e) { /* fail-open */ }
+    return { written: false, path: null };
+  }
+}
+
+/**
+ * Validate that a marker exists AND its content is well-formed AND, if
+ * `currentSpecPath` is provided, the spec hasn't changed since the marker
+ * was written.
+ *
+ * Returns false on:
+ *   - missing file
+ *   - JSON parse failure (corrupted marker)
+ *   - taskId field mismatch (wrong marker for this task)
+ *   - specHash mismatch (spec was edited after Architect ran — stale)
+ */
+function hasArchitectRun(taskId, currentSpecPath) {
+  const p = getArchitectRunPath(taskId);
+  if (!p) return false;
+  if (!fs.existsSync(p)) return false;
+  const marker = safeJsonParse(p, null);
+  if (!marker || typeof marker !== 'object') return false;
+  if (marker.taskId !== taskId) return false;
+  // specHash check (AC15 — stale-spec invalidation)
+  if (currentSpecPath && marker.specHash) {
+    const currentHash = _hashFile(currentSpecPath);
+    if (currentHash && currentHash !== marker.specHash) return false;
+  }
+  return true;
+}
+
+/**
+ * Remove markers whose task is in `recentlyCompleted` and whose mtime is
+ * older than maxAgeMs. Idempotent; safe to call repeatedly.
+ *
+ * @param {Object} opts
+ * @param {number} [opts.maxAgeMs=7d] — markers older than this are eligible
+ * @param {boolean} [opts.retainCompletedTasks=false] — keep markers for completed tasks
+ *                                                     (default: GC them)
+ * @returns {{removed: string[], kept: string[]}}
+ */
+function gcStaleMarkers(opts = {}) {
+  const maxAgeMs = typeof opts.maxAgeMs === 'number' ? opts.maxAgeMs : DEFAULT_GC_MAX_AGE_MS;
+  const retainCompletedTasks = opts.retainCompletedTasks === true;
+  const result = { removed: [], kept: [] };
+  if (!fs.existsSync(ARCHITECT_RUNS_DIR)) return result;
+
+  // Build set of completed task IDs (markers eligible for GC by default)
+  let completedIds = new Set();
+  try {
+    const ready = getReadyData();
+    if (ready && Array.isArray(ready.recentlyCompleted)) {
+      for (const t of ready.recentlyCompleted) {
+        if (t && t.id) completedIds.add(t.id);
+      }
+    }
+  } catch (_err) { /* fail-open */ }
+
+  const now = Date.now();
+  let entries = [];
+  try {
+    entries = fs.readdirSync(ARCHITECT_RUNS_DIR);
+  } catch (_err) { return result; }
+
+  for (const entry of entries) {
+    if (!entry.endsWith('.json')) continue;
+    const taskId = entry.slice(0, -5); // strip .json
+    if (!validateTaskId(taskId).valid) {
+      // Stray file — leave alone (could be backup or someone else's data)
+      result.kept.push(taskId);
+      continue;
+    }
+    const fullPath = path.join(ARCHITECT_RUNS_DIR, entry);
+    let stat;
+    try { stat = fs.statSync(fullPath); } catch (_err) { continue; }
+    const ageMs = now - stat.mtimeMs;
+    const isCompleted = completedIds.has(taskId);
+    const isExpired = ageMs > maxAgeMs;
+
+    // Eligible for GC: task is completed AND marker is older than maxAge,
+    // unless retainCompletedTasks is true.
+    if (isCompleted && isExpired && !retainCompletedTasks) {
+      try {
+        fs.unlinkSync(fullPath);
+        result.removed.push(taskId);
+      } catch (_err) {
+        result.kept.push(taskId);
+      }
+    } else {
+      result.kept.push(taskId);
+    }
+  }
+  return result;
+}
+
+module.exports = {
+  ARCHITECT_RUNS_DIR,
+  getArchitectRunPath,
+  writeArchitectRunMarker,
+  hasArchitectRun,
+  gcStaleMarkers
+};

package/scripts/flow-feature-dossier.js

@@ -36,6 +36,9 @@ const fs = require('node:fs');
 const path = require('node:path');
 const { execSync } = require('node:child_process');
 const { PATHS, safeJsonParse } = require('./flow-utils');
+const { globToRegex: _gtr } = require('./flow-glob');
+// Local convenience: case-insensitive glob (this module's historical default)
+const globToRegex = (pat) => _gtr(pat, 'i');
 
 const DOSSIER_DIRNAME = 'dossiers';
 const INDEX_FILENAME = 'index.json';
@@ -254,15 +257,6 @@ function matchFeatures(input = {}) {
   return Object.values(scores).sort((a, b) => b.score - a.score);
 }
 
-function globToRegex(pat) {
-  const escaped = pat
-    .replace(/[.+^${}()|[\]\\]/g, '\\$&')
-    .replace(/\*\*/g, '.__DBLSTAR__')
-    .replace(/\*/g, '[^/]*')
-    .replace(/\.__DBLSTAR__/g, '.*')
-    .replace(/\?/g, '[^/]');
-  return new RegExp(`^${escaped}$`, 'i');
-}
 
 function scaffoldDossier(slug, meta = {}) {
   if (RESERVED_SLUGS.has(slug)) {

package/scripts/flow-glob.js

@@ -0,0 +1,104 @@
+'use strict';
+
+/**
+ * Wogi Flow — Glob Matcher (wf-2eafdab0 / v2.30.1)
+ *
+ * Single source of truth for glob → regex conversion across:
+ *   - flow-standards-checker.js (forbidden-patterns exemptions)
+ *   - flow-feature-dossier.js  (dossier scope matching)
+ *   - flow-logic-rules.js      (logic-rule applies-to scope)
+ *
+ * Replaces 3 separate inline implementations (review finding M4).
+ *
+ * Semantics (security-patterns.md §4 compliant):
+ *   - single-star  matches any chars EXCEPT path separators (uses [^/]*, not .*)
+ *   - double-star  matches any chars INCLUDING path separators (uses .*)
+ *   - question     matches a single non-separator char ([^/])
+ *   - "dir/double-star" ALSO matches "dir" itself (the directory case — review M3)
+ *   - "double-star/foo" requires a directory boundary or root — does NOT match
+ *     "xfoo" as a substring of another segment (review M3)
+ *   - All regex metacharacters in literal portions are escaped.
+ *
+ * Public API:
+ *   - globToRegex(glob) → RegExp (anchored ^...$, throws if input invalid)
+ *   - globMatch(filePath, glob) → boolean (false-on-error fail-open)
+ */
+
+/** Regex metacharacters that need escaping when they appear as literal chars. */
+const REGEX_METACHARS = '.^$+(){}[]|\\';
+
+/**
+ * Convert a glob pattern to an anchored regex source string (no flags).
+ * Returns the regex source; caller wraps in `new RegExp(src)` if needed.
+ *
+ * Edge cases (notation: ★ = star — literal asterisk-slash ends JSDoc blocks).
+ * "dir/★★" → directory-or-anything-under regex; "★★/foo" → optional-prefix
+ * regex that requires a directory boundary; bare "★★" → match-anything regex.
+ */
+function globToRegexSource(glob) {
+  if (typeof glob !== 'string') throw new TypeError('glob must be a string');
+  let re = '^';
+  let i = 0;
+  while (i < glob.length) {
+    const c = glob[i];
+    // Detect `**/` — anchored anywhere or at start
+    if (c === '*' && glob[i + 1] === '*' && glob[i + 2] === '/') {
+      // `**/` matches zero-or-more directory segments + separator
+      re += '(?:.*/)?';
+      i += 3;
+    } else if (c === '/' && glob[i + 1] === '*' && glob[i + 2] === '*' && (i + 3 === glob.length || glob[i + 3] === undefined)) {
+      // `dir/**` at end: match `/anything` OR nothing (dir itself)
+      re += '(?:/.*)?';
+      i += 3;
+    } else if (c === '*' && glob[i + 1] === '*') {
+      // `**` not followed by `/` and not preceded by `/` — bare `**` matches anything
+      re += '.*';
+      i += 2;
+    } else if (c === '*') {
+      // single `*` — no path separators
+      re += '[^/]*';
+      i++;
+    } else if (c === '?') {
+      re += '[^/]';
+      i++;
+    } else if (REGEX_METACHARS.includes(c)) {
+      re += '\\' + c;
+      i++;
+    } else {
+      re += c;
+      i++;
+    }
+  }
+  re += '$';
+  return re;
+}
+
+/**
+ * Compile a glob to a RegExp object. Always anchored.
+ * @param {string} glob — pattern string
+ * @param {string} [flags=''] — RegExp flags (e.g., 'i' for case-insensitive)
+ */
+function globToRegex(glob, flags = '') {
+  return new RegExp(globToRegexSource(glob), flags);
+}
+
+/**
+ * Match a file path against a glob. Normalizes Windows-style separators
+ * to forward slashes. Returns false on any error (fail-open for callers
+ * that don't want to handle exceptions).
+ */
+function globMatch(filePath, glob) {
+  if (typeof filePath !== 'string' || typeof glob !== 'string') return false;
+  const normalized = filePath.replace(/\\/g, '/');
+  try {
+    return globToRegex(glob).test(normalized);
+  } catch (_err) {
+    return false;
+  }
+}
+
+module.exports = {
+  globToRegex,
+  globToRegexSource,
+  globMatch
+};

package/scripts/flow-logic-rules.js

@@ -33,6 +33,9 @@ const fs = require('node:fs');
 const path = require('node:path');
 const { execSync } = require('node:child_process');
 const { PATHS } = require('./flow-utils');
+const { globToRegex: _gtr } = require('./flow-glob');
+// Local convenience: case-insensitive glob (this module's historical default)
+const globToRegex = (pat) => _gtr(pat, 'i');
 const { getDossierRoots, DOSSIER_DIRNAME: _DOSSIER_DIRNAME } = require('./flow-feature-dossier');
 
 const LOGIC_RULES_FILENAME = '_logic-rules.md';
@@ -133,15 +136,6 @@ function listRules() {
   return all;
 }
 
-function globToRegex(pat) {
-  const escaped = pat
-    .replace(/[.+^${}()|[\]\\]/g, '\\$&')
-    .replace(/\*\*/g, '.__DBLSTAR__')
-    .replace(/\*/g, '[^/]*')
-    .replace(/\.__DBLSTAR__/g, '.*')
-    .replace(/\?/g, '[^/]');
-  return new RegExp(`^${escaped}$`, 'i');
-}
 
 function matchRulesForFiles(files = [], extraKeywords = []) {
   if (!Array.isArray(files)) files = [files];

package/scripts/flow-standards-checker.js

@@ -23,6 +23,7 @@ const {
   color,
   getConfig
 } = require('./flow-utils');
+const { globMatch } = require('./flow-glob');
 const {
   calculateCombinedSimilarity,
   getMatchLevel,
@@ -672,6 +673,12 @@ function checkForbiddenPatterns(file, patterns) {
     ? path.relative(PATHS.root, file.path)
     : file.path;
 
+  // AC3 (M1 fix): per-file content size cap. Skip files that exceed the cap;
+  // attacker-supplied or accidentally-huge inputs can't lock the matcher.
+  if (content.length > DEFAULT_MAX_CONTENT_BYTES) {
+    return violations; // silently skip — large file, no scan
+  }
+
   for (const entry of patterns) {
     if (!entry || typeof entry !== 'object') continue;
     if (!entry.pattern || typeof entry.pattern !== 'string') continue;
@@ -681,6 +688,20 @@ function checkForbiddenPatterns(file, patterns) {
     const exempted = exemptions.some(glob => globMatch(relPath, glob));
     if (exempted) continue;
 
+    // AC3 (M1 fix): pre-compile reject of catastrophic-backtracking patterns.
+    const catRisk = detectCatastrophicPattern(entry.pattern);
+    if (catRisk) {
+      violations.push({
+        type: 'forbidden-pattern-malformed',
+        severity: 'warning',
+        file: file.path,
+        line: 1,
+        message: `Pattern "${entry.id || entry.pattern}" rejected pre-compile: ${catRisk}`,
+        rule: `forbidden-patterns.json: ${entry.id || '(unnamed)'}`
+      });
+      continue; // don't compile or run the dangerous pattern
+    }
+
     // Compile regex
     let re;
     try {
@@ -691,10 +712,25 @@ function checkForbiddenPatterns(file, patterns) {
       continue;
     }
 
-    // Match
+    // Match — with wall-clock budget (AC3/M1 fix).
     let match;
     re.lastIndex = 0;
+    const deadline = Date.now() + DEFAULT_MATCH_BUDGET_MS;
     while ((match = re.exec(content)) !== null) {
+      // Budget check: bail out gracefully if the matcher takes too long.
+      // Acceptable to drop late matches — defends against ReDoS, not a
+      // correctness guarantee.
+      if (Date.now() > deadline) {
+        violations.push({
+          type: 'forbidden-pattern-timeout',
+          severity: 'warning',
+          file: file.path,
+          line: 1,
+          message: `Pattern "${entry.id || entry.pattern}" exceeded ${DEFAULT_MATCH_BUDGET_MS}ms budget on this file — partial results, scan aborted.`,
+          rule: `forbidden-patterns.json: ${entry.id || '(unnamed)'}`
+        });
+        break;
+      }
       const before = content.substring(0, match.index);
       const lineNumber = (before.match(/\n/g) || []).length + 1;
       violations.push({
@@ -714,63 +750,69 @@ function checkForbiddenPatterns(file, patterns) {
   return violations;
 }
 
+// Note: globMatch was extracted to scripts/flow-glob.js (review M4 fix —
+// kills 3 separate inline implementations). Imported at top of this file.
+
 /**
- * Minimal glob-to-regex matcher for forbidden-pattern exemptions.
- * Supports: `**` (any depth), `*` (no path separator), exact match.
- * Per security-patterns.md §4: use `[^/]*` not `.*` to prevent path
- * separator matching in `*` (only `**` should cross directories).
+ * Detect catastrophic-backtracking regex patterns BEFORE compilation.
+ * Returns a reason string if the pattern looks ReDoS-prone, null otherwise.
+ *
+ * Heuristic: nested quantifiers like (a+)+, (.*)*, ([a-z]+)+ are the canonical
+ * shape. We don't claim to catch every adversarial pattern — just the common
+ * ones. Per AC3 (review M1 fix).
  */
-function globMatch(filePath, glob) {
-  const normalized = filePath.replace(/\\/g, '/');
-  // Build regex from glob
-  let re = '^';
-  let i = 0;
-  while (i < glob.length) {
-    const c = glob[i];
-    if (c === '*' && glob[i + 1] === '*') {
-      // ** matches anything including separators
-      re += '.*';
-      i += 2;
-      // Skip a following / so '**/foo' matches both 'foo' and 'a/b/foo'
-      if (glob[i] === '/') i++;
-    } else if (c === '*') {
-      re += '[^/]*';
-      i++;
-    } else if (c === '?') {
-      re += '[^/]';
-      i++;
-    } else if ('.^$+(){}[]|\\'.includes(c)) {
-      re += '\\' + c;
-      i++;
-    } else {
-      re += c;
-      i++;
-    }
-  }
-  re += '$';
-  try {
-    return new RegExp(re).test(normalized);
-  } catch (_err) {
-    return false;
+function detectCatastrophicPattern(patternSrc) {
+  if (typeof patternSrc !== 'string') return null;
+  // Match: ( ... <quantifier> ) <quantifier>
+  // Where quantifier is one of: +, *, {n,m}
+  const NESTED = /\([^()]*[+*][^()]*\)\s*[+*]/;
+  if (NESTED.test(patternSrc)) {
+    return 'nested-quantifier (e.g., (a+)+, (.*)*, ([a-z]+)+) — catastrophic backtracking risk';
   }
+  return null;
 }
 
+const DEFAULT_MAX_CONTENT_BYTES = 1_000_000; // 1MB
+const DEFAULT_MATCH_BUDGET_MS = 200;
+
 /**
  * Load forbidden-patterns.json from project state dir.
+ * Uses safeJsonParse (per security-patterns.md §2 — review H1 fix).
+ * Emits stderr warning when state dir exists but file does NOT (AC2/H2 — silent
+ * no-op detection) and when file exists but parse fails (AC12/L2).
  * @returns {Object[]} pattern entries (empty array if missing/invalid)
  */
 function loadForbiddenPatterns(projectRoot) {
   const root = projectRoot || PATHS.root;
-  const filePath = path.join(root, '.workflow', 'state', 'forbidden-patterns.json');
-  if (!fs.existsSync(filePath)) return [];
-  try {
-    const raw = fs.readFileSync(filePath, 'utf-8');
-    const parsed = JSON.parse(raw);
-    if (!Array.isArray(parsed)) return [];
-    return parsed;
-  } catch (_err) {
+  const stateDir = path.join(root, '.workflow', 'state');
+  const filePath = path.join(stateDir, 'forbidden-patterns.json');
+  if (!fs.existsSync(filePath)) {
+    // AC2/H2: warn when state dir is initialized but pack is missing.
+    // Mirrors the CL-004 stderr-warn pattern in pre-tool-deps.js — silently
+    // shimming a missing rule pack masks broken installs.
+    if (fs.existsSync(stateDir) && process.env.WOGI_QUIET !== '1') {
+      console.error(
+        '[Standards] forbidden-patterns.json not found at .workflow/state/ — feature ' +
+        'inactive this run. Run `flow init --force` or copy from ' +
+        '.workflow/state/forbidden-patterns.json.template to enable.'
+      );
+    }
+    return [];
+  }
+  // AC1/H1 fix: use safeJsonParse instead of raw JSON.parse(fs.readFileSync(...))
+  const parsed = safeJsonParse(filePath, null);
+  if (parsed === null) {
+    // AC12/L2: warn when the file exists but parse failed (syntax error).
+    if (process.env.WOGI_QUIET !== '1') {
+      console.error(
+        '[Standards] forbidden-patterns.json failed to parse — feature disabled this run. ' +
+        'Check for trailing commas / mismatched braces.'
+      );
+    }
     return [];
   }
+  if (!Array.isArray(parsed)) return [];
+  return parsed;
 }
 
 function checkApiDuplication(file, existingEndpoints, matchConfig) {

package/scripts/hooks/core/architect-required-gate.js

@@ -1,97 +1,59 @@
-#!/usr/bin/env node
+'use strict';
 
 /**
- * Wogi Flow - Architect-Required Gate (wf-037f8d66)
+ * Wogi Flow - Architect-Required Gate (wf-037f8d66, hardened in wf-2eafdab0)
  *
  * Closes the methodology gap where the IGR Architect/Adversary pass at
  * spec_review IS specced (per .claude/docs/phases/02-spec.md) but enforcement
  * is prompt-only — the agent can skip Architect and go straight to coding.
  *
- * This gate fires on Edit/Write during the `coding` phase for L1+ tasks when
- * config.intentGroundedReasoning.enabled is true and no evidence of an
+ * This gate fires on Edit/Write/Bash during the `coding` phase for L1+ tasks
+ * when config.intentGroundedReasoning.enabled is true and no evidence of an
  * Architect run exists for the current task.
  *
- * Evidence marker: `.workflow/state/architect-runs/<task-id>.json` written
- * by flow-architect-pass.js on successful completion.
+ * Evidence marker: read from flow-architect-runs.js (the neutral-location
+ * module that BOTH this gate and flow-architect-pass.js consume — keeps
+ * hooks/core from owning state hooks/core's parents need to write to).
  *
  * Scope:
  *   - L0 (epic) / L1 (story) tasks: Architect required → gate enforces
  *   - L2 / L3 tasks: skip spec_review entirely (correctly) → gate is a no-op
+ *   - type=story/epic with MISSING level: fail-closed (treat as L1)
  *
- * Fail-open: any error reading state/config → allow tool call. Same pattern
- * as research-evidence-gate.js.
- */
-
-const path = require('node:path');
-const fs = require('node:fs');
-const { PATHS } = require('../../flow-utils');
-
-const ARCHITECT_RUNS_DIR = path.join(PATHS.state, 'architect-runs');
-
-/**
- * Compute path to the Architect-run evidence marker for a task.
- */
-function getArchitectRunPath(taskId) {
-  if (!taskId || typeof taskId !== 'string') return null;
-  return path.join(ARCHITECT_RUNS_DIR, `${taskId}.json`);
-}
-
-/**
- * Write an Architect-run evidence marker. Called by flow-architect-pass.js
- * on successful completion. Atomic write-temp + rename.
+ * Mutation set: Edit, Write, Bash (NOT TodoWrite — review finding M8: blocking
+ * planning before coding is chicken-and-egg).
  *
- * @param {Object} payload — { taskId, completedAt, model, plan }
- * @returns {{ written: boolean, path: string|null }}
+ * Fail-open: any error reading state/config → allow tool call.
  */
-function writeArchitectRunMarker(payload) {
-  if (!payload || !payload.taskId) {
-    return { written: false, path: null };
-  }
-  try {
-    if (!fs.existsSync(ARCHITECT_RUNS_DIR)) {
-      fs.mkdirSync(ARCHITECT_RUNS_DIR, { recursive: true });
-    }
-    const filePath = getArchitectRunPath(payload.taskId);
-    const tmpPath = `${filePath}.tmp-${process.pid}`;
-    fs.writeFileSync(tmpPath, JSON.stringify({
-      taskId: payload.taskId,
-      completedAt: payload.completedAt || new Date().toISOString(),
-      model: payload.model || null,
-      plan: payload.plan || null
-    }, null, 2));
-    fs.renameSync(tmpPath, filePath);
-    return { written: true, path: filePath };
-  } catch (_err) {
-    return { written: false, path: null };
-  }
-}
 
-/**
- * Check whether an Architect run is recorded for a given task.
- * @param {string} taskId
- * @returns {boolean}
- */
-function hasArchitectRun(taskId) {
-  const p = getArchitectRunPath(taskId);
-  if (!p) return false;
-  try {
-    return fs.existsSync(p);
-  } catch (_err) {
-    return false;
-  }
-}
+const archRuns = require('../../flow-architect-runs');
+const { hasArchitectRun, getArchitectRunPath, writeArchitectRunMarker } = archRuns;
 
 /**
- * Determine whether the current task requires Architect (L1+ only).
- * @param {Object} taskMeta — task record from ready.json (has level, type)
- * @returns {boolean}
+ * Determine whether the current task requires Architect.
+ *
+ * Returns true for:
+ *   - L0 (epic), L1 (story)
+ *   - type=story OR type=epic with MISSING/empty level (fail-closed — review M2)
+ *
+ * Returns false for:
+ *   - explicit L2 / L3 (regardless of type)
+ *   - missing/null taskMeta
+ *   - unknown type with no level signal
  */
 function requiresArchitect(taskMeta) {
   if (!taskMeta || typeof taskMeta !== 'object') return false;
   const level = (taskMeta.level || '').toUpperCase();
-  // L0 (epic) and L1 (story) require Architect.
-  // L2 (task) / L3 (subtask) bypass spec_review correctly.
-  return level === 'L0' || level === 'L1';
+  // Explicit level takes precedence
+  if (level === 'L0' || level === 'L1') return true;
+  if (level === 'L2' || level === 'L3') return false;
+  // No explicit level — fail-closed for stories/epics (M2 fix).
+  // A task created without a level field is untracked-by-pipeline; treating
+  // it as "doesn't need architect" lets bypass slip through. Stories/epics
+  // are exactly the work-types Architect is for.
+  const type = (taskMeta.type || '').toLowerCase();
+  if (type === 'story' || type === 'epic') return true;
+  return false;
 }
 
 /**
@@ -101,7 +63,6 @@ function requiresArchitect(taskMeta) {
 function isGateEnabled(config) {
   const igr = config?.intentGroundedReasoning;
   if (!igr || igr.enabled === false) return false;
-  // Explicit toggle on the gate itself overrides
   if (config?.architectRequiredGate?.enabled === false) return false;
   return true;
 }
@@ -109,67 +70,55 @@ function isGateEnabled(config) {
 /**
  * Main gate check.
  *
- * @param {Object} ctx — { phase, taskId, taskMeta, config, toolName }
+ * @param {Object} ctx — { phase, taskId, taskMeta, config, toolName, specPath? }
  * @returns {{ blocked: boolean, reason?: string, message?: string }}
  */
 function checkArchitectRequired(ctx) {
-  const { phase, taskId, taskMeta, config, toolName } = ctx || {};
+  const { phase, taskId, taskMeta, config, toolName, specPath } = ctx || {};
 
-  // Only fires on tools that mutate state (Edit/Write/Bash/TodoWrite)
-  const mutationTools = new Set(['Edit', 'Write', 'TodoWrite', 'Bash']);
-  if (!toolName || !mutationTools.has(toolName)) {
-    return { blocked: false };
-  }
+  // Mutation set: Edit/Write/Bash only. TodoWrite removed (M8).
+  const mutationTools = new Set(['Edit', 'Write', 'Bash']);
+  if (!toolName || !mutationTools.has(toolName)) return { blocked: false };
 
   // Only fires during coding phase
-  if (phase !== 'coding') {
-    return { blocked: false };
-  }
+  if (phase !== 'coding') return { blocked: false };
 
   // Gate disabled (or IGR off)
-  if (!isGateEnabled(config)) {
-    return { blocked: false };
-  }
+  if (!isGateEnabled(config)) return { blocked: false };
 
-  // No active task → not in scope (gate doesn't apply)
-  if (!taskId) {
-    return { blocked: false };
-  }
+  // No active task → not in scope
+  if (!taskId) return { blocked: false };
 
-  // L2/L3 tasks bypass spec_review correctly — gate is a no-op
-  if (!requiresArchitect(taskMeta)) {
-    return { blocked: false };
-  }
+  // L2/L3 tasks correctly bypass spec_review — gate is a no-op
+  if (!requiresArchitect(taskMeta)) return { blocked: false };
 
-  // Check for evidence marker
-  if (hasArchitectRun(taskId)) {
-    return { blocked: false };
-  }
+  // Check evidence marker (with content validation + optional specHash check)
+  if (hasArchitectRun(taskId, specPath)) return { blocked: false };
 
-  // Block: Architect required but no evidence
   return {
     blocked: true,
     reason: 'architect-required',
     message: [
       `ARCHITECT-REQUIRED GATE: task ${taskId} is L1+ in coding phase but no `,
-      `Architect run is recorded at ${getArchitectRunPath(taskId)}.\n\n`,
+      `valid Architect run is recorded at ${getArchitectRunPath(taskId)}.\n\n`,
       `Per .claude/docs/phases/02-spec.md Step 1.55, L1+ tasks must run an `,
       `Architect pass before coding. Invoke:\n\n`,
       `  node scripts/flow-architect-pass.js run --task=${taskId}\n\n`,
       `Then retry your edit. To opt out for this task only, set `,
-      `config.architectRequiredGate.enabled = false (project-level), or use `,
-      `\`flow architect-skip --task=${taskId} --reason="..."\` (single-task escape; `,
-      `not yet implemented — opens follow-up wf if needed).`
+      `config.architectRequiredGate.enabled = false (project-level).`
     ].join('')
   };
 }
 
 module.exports = {
   checkArchitectRequired,
-  writeArchitectRunMarker,
-  hasArchitectRun,
+  // Re-exports from flow-architect-runs for backward compat with existing
+  // test suite + flow-architect-pass.js. These pass-throughs let consumers
+  // who already require the gate continue to work; new consumers should
+  // prefer require('../../flow-architect-runs') directly.
   requiresArchitect,
-  getArchitectRunPath,
   isGateEnabled,
-  ARCHITECT_RUNS_DIR
+  hasArchitectRun,
+  getArchitectRunPath,
+  writeArchitectRunMarker
 };

package/scripts/hooks/core/pre-tool-helpers.js

@@ -64,9 +64,47 @@ function isAllGatesDisabled(hookStatus) {
   );
 }
 
+/**
+ * Resolve the current workflow phase + task meta from state files.
+ *
+ * Reads `.workflow/state/workflow-phase.json` for { phase, taskId }, then
+ * looks up the matching task in `ready.json.inProgress` for full taskMeta.
+ *
+ * Fail-open everywhere: any read/parse error → returns the partial state
+ * resolved so far. Multiple gates may need this context; centralizing here
+ * stops the inline-block proliferation flagged by review L3.
+ *
+ * @returns {{phase: string, taskId: string|null, taskMeta: object|null}}
+ */
+function resolveCurrentTaskContext() {
+  const path = require('node:path');
+  const flowUtils = require('../../flow-utils');
+  const flowIo = require('../../flow-io');
+  let phase = 'idle';
+  let taskId = null;
+  let taskMeta = null;
+  try {
+    const phaseStatePath = path.join(flowUtils.PATHS.state, 'workflow-phase.json');
+    const ps = flowIo.safeJsonParse(phaseStatePath, null);
+    if (ps) {
+      phase = ps.phase || 'idle';
+      taskId = ps.taskId || null;
+    }
+  } catch (_err) { /* fail-open */ }
+  if (taskId) {
+    try {
+      const ready = flowUtils.getReadyData ? flowUtils.getReadyData() : null;
+      const inProgress = (ready && Array.isArray(ready.inProgress)) ? ready.inProgress : [];
+      taskMeta = inProgress.find(t => t && t.id === taskId) || null;
+    } catch (_err) { /* fail-open */ }
+  }
+  return { phase, taskId, taskMeta };
+}
+
 module.exports = {
   VALID_AGENT_TYPES,
   READ_ONLY_AGENT_TYPES,
   parseSubagentContext,
   isAllGatesDisabled,
+  resolveCurrentTaskContext,
 };

package/scripts/hooks/core/pre-tool-orchestrator.js

@@ -118,35 +118,17 @@ function runPreToolGates(ctx, deps) {
     }
   }
 
-  // Architect-required gate (wf-037f8d66)
+  // Architect-required gate (wf-037f8d66, hardened wf-2eafdab0)
   // L1+ tasks in coding phase must have run Architect/Adversary before any Edit/Write/Bash.
+  // TodoWrite removed from gate set (review M8 fix — planning-tool chicken-and-egg).
   // L2/L3 tasks bypass spec_review entirely (correctly), so the gate is a no-op there.
+  // Task context resolution extracted to resolveCurrentTaskContext (review L3 fix).
   // Fail-open on any error.
   if (typeof deps.checkArchitectRequired === 'function' &&
-      (toolName === 'Edit' || toolName === 'Write' || toolName === 'Bash' || toolName === 'TodoWrite')) {
+      (toolName === 'Edit' || toolName === 'Write' || toolName === 'Bash')) {
     try {
-      // Resolve current phase + task meta from active state
-      const flowUtils = require('../../flow-utils');
-      const flowIo = require('../../flow-io');
-      let phase = 'idle';
-      let taskId = null;
-      let taskMeta = null;
-      try {
-        const phaseStatePath = path.join(flowUtils.PATHS.state, 'workflow-phase.json');
-        const ps = flowIo.safeJsonParse(phaseStatePath, null);
-        if (ps) {
-          phase = ps.phase || 'idle';
-          taskId = ps.taskId || null;
-        }
-      } catch (_err) { /* fail-open */ }
-      if (taskId) {
-        try {
-          const ready = flowUtils.getReadyData ? flowUtils.getReadyData() : null;
-          const inProgress = (ready && Array.isArray(ready.inProgress)) ? ready.inProgress : [];
-          taskMeta = inProgress.find(t => t && t.id === taskId) || null;
-        } catch (_err) { /* fail-open */ }
-      }
-
+      const { resolveCurrentTaskContext } = require('./pre-tool-helpers');
+      const { phase, taskId, taskMeta } = resolveCurrentTaskContext();
       const archResult = deps.checkArchitectRequired({
         phase, taskId, taskMeta, config, toolName
       });

package/scripts/hooks/core/session-end.js

@@ -68,6 +68,18 @@ function handleSessionEnd(input) {
       result.logged = false;
     }
 
+    // wf-2eafdab0 (AC8): GC stale architect-run markers for completed tasks.
+    // Markers in `.workflow/state/architect-runs/` accumulate forever otherwise;
+    // task-id collision (re-used fixtures, manual ID re-use) bypasses the gate.
+    // Fail-open everywhere — never block session end.
+    try {
+      const { gcStaleMarkers } = require('../../flow-architect-runs');
+      const gc = gcStaleMarkers(); // default 7-day retention for completed tasks
+      if (gc && gc.removed && gc.removed.length > 0) {
+        result.architectMarkerGc = { removed: gc.removed.length };
+      }
+    } catch (_err) { /* non-critical */ }
+
     // Surface pending skill proposals staged by `flow skill propose|patch|remove`.
     // These await user approval (`flow skill promote|reject`) at session end.
     try {

package/scripts/postinstall.js

@@ -148,6 +148,31 @@ function createMinimalStructure() {
       }, null, 2), { mode: FILE_MODE });
     }
   }
+
+  // wf-2eafdab0 (AC2/H2): Create forbidden-patterns.json from template on fresh
+  // installs. Idempotent — never overwrites an existing file. Without this, the
+  // declarative-forbidden-pattern feature ships as a silent no-op (the v2.30.0
+  // bug this commit fixes).
+  const forbiddenPatternsPath = path.join(STATE_DIR, 'forbidden-patterns.json');
+  if (!fs.existsSync(forbiddenPatternsPath)) {
+    const fpTemplate = path.join(STATE_DIR, 'forbidden-patterns.json.template');
+    try {
+      const rawContent = fs.existsSync(fpTemplate)
+        ? fs.readFileSync(fpTemplate, 'utf-8')
+        : '[]';
+      const parsed = safeJsonParseString(rawContent, []);
+      fs.writeFileSync(
+        forbiddenPatternsPath,
+        JSON.stringify(parsed, null, 2),
+        { mode: FILE_MODE }
+      );
+    } catch (err) {
+      if (process.env.DEBUG) {
+        console.error(`[postinstall] forbidden-patterns template error: ${err.message}`);
+      }
+      fs.writeFileSync(forbiddenPatternsPath, '[]\n', { mode: FILE_MODE });
+    }
+  }
 }
 
 /**