wogiflow 2.30.0 → 2.30.2

package/.workflow/state/forbidden-patterns.json.template

@@ -0,0 +1,15 @@
+[
+  {
+    "id": "no-claude-code-literal-in-core",
+    "pattern": "claude-code|tool_name|tool_input",
+    "flags": "i",
+    "severity": "must-fix",
+    "message": "Hooks/core files must not reference CLI-specific identifiers (claude-code, tool_name, tool_input). Use the normalized toolName / toolInput parameters from the orchestrator (CLI-agnostic). See .claude/rules/architecture/hook-three-layer.md.",
+    "exemptions": [
+      "scripts/hooks/entry/**",
+      "scripts/hooks/adapters/**",
+      "tests/**",
+      "**/*.test.js"
+    ]
+  }
+]

package/lib/installer.js

@@ -583,6 +583,36 @@ function createWorkflowStructure(projectRoot, config) {
     }
   }
 
+  // wf-d5fcb880 (H2): scaffold forbidden-patterns.json from its template.
+  // The template ships in the npm package (per package.json `files` →
+  // `.workflow/state/*.template`). Without this step, the standards-checker's
+  // forbidden-patterns feature is a silent no-op on fresh installs — the loader
+  // returns [] because no rule pack exists on disk. The previous review flagged
+  // this as a HIGH finding (H2 in last-review.json).
+  const forbiddenPath = path.join(workflowDir, 'state', 'forbidden-patterns.json');
+  if (!fs.existsSync(forbiddenPath)) {
+    const templatePath = path.join(workflowDir, 'state', 'forbidden-patterns.json.template');
+    if (fs.existsSync(templatePath)) {
+      try {
+        const templateContent = fs.readFileSync(templatePath, 'utf-8');
+        fs.writeFileSync(forbiddenPath, templateContent);
+      } catch (err) {
+        // Fall back to an empty array so the file exists and is parseable.
+        // safeJsonParse on this returns [] (valid empty pack); loader behaves
+        // identically to the no-file path but the user no longer sees the
+        // "forbidden-patterns.json not found" stderr warning.
+        if (process.env.DEBUG) {
+          console.error(`[installer] forbidden-patterns template copy failed: ${err.message}`);
+        }
+        fs.writeFileSync(forbiddenPath, '[]\n');
+      }
+    } else {
+      // Template not shipped (unusual install layout) — still scaffold an
+      // empty pack so loader is silent.
+      fs.writeFileSync(forbiddenPath, '[]\n');
+    }
+  }
+
   // Create registry manifest (dynamic registry discovery)
   const registryManifestPath = path.join(workflowDir, 'state', 'registry-manifest.json');
   if (!fs.existsSync(registryManifestPath)) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wogiflow",
-  "version": "2.30.0",
+  "version": "2.30.2",
   "description": "AI-powered development workflow management system with multi-model support",
   "main": "lib/index.js",
   "bin": {
@@ -10,7 +10,7 @@
   },
   "scripts": {
     "flow": "./scripts/flow",
-    "test": "NODE_ENV=test node --test tests/auto-compact-prompt.test.js tests/flow-paths.test.js tests/flow-io.test.js tests/flow-audit-gates.test.js tests/flow-standards-hook-three-layer.test.js tests/flow-correction-detector-reconcile.test.js tests/flow-correction-backfill.test.js tests/flow-audit-gates-feature-output-health.test.js tests/flow-config-loader.test.js tests/flow-damage-control.test.js tests/flow-output.test.js tests/flow-constants.test.js tests/flow-session-state.test.js tests/flow-hooks-integration.test.js tests/flow-utils.test.js tests/flow-security.test.js tests/flow-memory-db.test.js tests/flow-durable-session.test.js tests/flow-skill-matcher.test.js tests/flow-bridge.test.js tests/flow-proactive-compact.test.js tests/flow-cascade-completion.test.js tests/flow-capture-gate.test.js tests/flow-correction-detector-hybrid.test.js tests/flow-promote.test.js tests/flow-archive-runs.test.js tests/flow-memory.test.js tests/flow-hooks-pre-tool-helpers.test.js tests/flow-hooks-bugfix-scope-gate.test.js tests/flow-hooks-routing-gate.test.js tests/flow-hooks-phase-read-gate.test.js tests/flow-hooks-commit-log-gate.test.js tests/flow-hooks-deploy-gate.test.js tests/flow-hooks-todowrite-gate.test.js tests/flow-hooks-git-safety-gate.test.js tests/flow-hooks-scope-mutation-gate.test.js tests/flow-hooks-strike-gate.test.js tests/flow-hooks-component-check.test.js tests/flow-hooks-scope-gate.test.js tests/flow-hooks-implementation-gate.test.js tests/flow-hooks-research-gate.test.js tests/flow-hooks-loop-check.test.js tests/flow-hooks-manager-boundary-gate.test.js tests/flow-hooks-phase-gate.test.js tests/flow-hooks-pre-tool-orchestrator.test.js tests/flow-hooks-observation-capture.test.js tests/flow-hooks-task-gate.test.js tests/flow-durable-session-suspension.test.js tests/flow-health-mcp-scopes.test.js tests/flow-lean-config.test.js tests/flow-workspace-autopickup.test.js tests/flow-worker-boundary-gate.test.js tests/flow-worker-question-classifier.test.js tests/flow-completion-truth-gate-contradictions.test.js tests/flow-structure-sensor.test.js tests/flow-workspace-dispatch-tracking.test.js tests/workspace-ipc-sqlite.test.js tests/workspace-ipc-multi-worker.test.js tests/flow-story-gates.test.js tests/flow-workspace-restart-handoff.test.js tests/flow-wogi-claude-wrapper.test.js tests/flow-wave1-integrations.test.js tests/flow-wave2-integrations.test.js tests/flow-wave3-integrations.test.js tests/flow-commit-claims-gate.test.js tests/auto-review.test.js tests/gate-telemetry-surface.test.js tests/agents-md-alias.test.js tests/flow-skill-manage.test.js tests/fuzzy-patch.test.js tests/mode-schema.test.js tests/flow-feature-dossier.test.js tests/flow-autonomous-mode.test.js tests/flow-epic-cascade.test.js tests/flow-workspace-summary.test.js tests/flow-hooks-research-evidence-gate.test.js tests/flow-worker-mcp-strip.test.js tests/flow-orchestrate-corrections.test.js tests/flow-source-fidelity.test.js tests/flow-hooks-long-input-enforcement.test.js tests/workspace-channel-tracking.test.js tests/flow-hooks-deletion-log.test.js tests/flow-task-boundary-reset.test.js tests/flow-deferral-gate.test.js tests/flow-research-required-gate.test.js tests/flow-standards-forbidden-patterns.test.js tests/flow-hooks-architect-required-gate.test.js && NODE_ENV=test node tests/run-quality-gates.test.js",
+    "test": "NODE_ENV=test node --test tests/auto-compact-prompt.test.js tests/flow-paths.test.js tests/flow-io.test.js tests/flow-audit-gates.test.js tests/flow-standards-hook-three-layer.test.js tests/flow-correction-detector-reconcile.test.js tests/flow-correction-backfill.test.js tests/flow-audit-gates-feature-output-health.test.js tests/flow-config-loader.test.js tests/flow-damage-control.test.js tests/flow-output.test.js tests/flow-constants.test.js tests/flow-session-state.test.js tests/flow-hooks-integration.test.js tests/flow-utils.test.js tests/flow-security.test.js tests/flow-memory-db.test.js tests/flow-durable-session.test.js tests/flow-skill-matcher.test.js tests/flow-bridge.test.js tests/flow-proactive-compact.test.js tests/flow-cascade-completion.test.js tests/flow-capture-gate.test.js tests/flow-correction-detector-hybrid.test.js tests/flow-promote.test.js tests/flow-archive-runs.test.js tests/flow-memory.test.js tests/flow-hooks-pre-tool-helpers.test.js tests/flow-hooks-bugfix-scope-gate.test.js tests/flow-hooks-routing-gate.test.js tests/flow-hooks-phase-read-gate.test.js tests/flow-hooks-commit-log-gate.test.js tests/flow-hooks-deploy-gate.test.js tests/flow-hooks-todowrite-gate.test.js tests/flow-hooks-git-safety-gate.test.js tests/flow-hooks-scope-mutation-gate.test.js tests/flow-hooks-strike-gate.test.js tests/flow-hooks-component-check.test.js tests/flow-hooks-scope-gate.test.js tests/flow-hooks-implementation-gate.test.js tests/flow-hooks-research-gate.test.js tests/flow-hooks-loop-check.test.js tests/flow-hooks-manager-boundary-gate.test.js tests/flow-hooks-phase-gate.test.js tests/flow-hooks-pre-tool-orchestrator.test.js tests/flow-hooks-observation-capture.test.js tests/flow-hooks-task-gate.test.js tests/flow-durable-session-suspension.test.js tests/flow-health-mcp-scopes.test.js tests/flow-lean-config.test.js tests/flow-workspace-autopickup.test.js tests/flow-worker-boundary-gate.test.js tests/flow-worker-question-classifier.test.js tests/flow-completion-truth-gate-contradictions.test.js tests/flow-structure-sensor.test.js tests/flow-workspace-dispatch-tracking.test.js tests/workspace-ipc-sqlite.test.js tests/workspace-ipc-multi-worker.test.js tests/flow-story-gates.test.js tests/flow-workspace-restart-handoff.test.js tests/flow-wogi-claude-wrapper.test.js tests/flow-wave1-integrations.test.js tests/flow-wave2-integrations.test.js tests/flow-wave3-integrations.test.js tests/flow-commit-claims-gate.test.js tests/auto-review.test.js tests/gate-telemetry-surface.test.js tests/agents-md-alias.test.js tests/flow-skill-manage.test.js tests/fuzzy-patch.test.js tests/mode-schema.test.js tests/flow-feature-dossier.test.js tests/flow-autonomous-mode.test.js tests/flow-epic-cascade.test.js tests/flow-workspace-summary.test.js tests/flow-hooks-research-evidence-gate.test.js tests/flow-worker-mcp-strip.test.js tests/flow-orchestrate-corrections.test.js tests/flow-source-fidelity.test.js tests/flow-hooks-long-input-enforcement.test.js tests/workspace-channel-tracking.test.js tests/flow-hooks-deletion-log.test.js tests/flow-task-boundary-reset.test.js tests/flow-deferral-gate.test.js tests/flow-research-required-gate.test.js tests/flow-standards-forbidden-patterns.test.js tests/flow-hooks-architect-required-gate.test.js tests/flow-architect-runs.test.js && NODE_ENV=test node tests/run-quality-gates.test.js",
     "test:syntax": "find scripts/ lib/ -name '*.js' -not -path '*/node_modules/*' -exec node --check {} +",
     "lint": "eslint scripts/ lib/ tests/",
     "lint:ci": "eslint scripts/ lib/ tests/ --max-warnings 0",

package/scripts/flow-architect-pass.js

@@ -480,16 +480,19 @@ function recordTelemetry({ taskId, parseResult, gateResult, runCtx = {} }) {
     },
   });
 
-  // wf-037f8d66: Write Architect-run marker for the architect-required PreToolUse gate.
-  // Marker proves Architect ran for this task — gate consults it before allowing
-  // Edit/Write/Bash in coding phase for L1+ tasks. Fail-open on any error.
+  // wf-037f8d66 / wf-2eafdab0: Write Architect-run marker for the architect-required
+  // PreToolUse gate. Marker proves Architect ran for this task — gate consults it
+  // before allowing Edit/Write/Bash in coding phase for L1+ tasks. Fail-open on any
+  // error. Imports from flow-architect-runs.js (neutral location — review M5 fix:
+  // hooks/core no longer owns the marker store, killing the cross-direction dep).
   if (taskId && (telemetryVerdict === 'PASS' || telemetryVerdict === 'PASS_WITH_NOTES')) {
     try {
-      const archGate = require('./hooks/core/architect-required-gate');
-      archGate.writeArchitectRunMarker({
+      const archRuns = require('./flow-architect-runs');
+      archRuns.writeArchitectRunMarker({
         taskId,
         model: runCtx.model || null,
         plan: parseResult?.plan ? { sections: sectionsPresent } : null,
+        specPath: runCtx.specPath || null, // AC15: enables specHash staleness detection
       });
     } catch (_err) { /* fail-open */ }
   }

package/scripts/flow-architect-runs.js

@@ -0,0 +1,194 @@
+'use strict';
+
+/**
+ * Wogi Flow — Architect-Run Marker Store (wf-2eafdab0 / v2.30.1)
+ *
+ * Owns the read/write/GC operations for Architect-run evidence markers
+ * stored at `.workflow/state/architect-runs/<task-id>.json`.
+ *
+ * Why this lives in scripts/ (not hooks/core/): the architect-required gate
+ * READS markers; flow-architect-pass.js WRITES markers. With both helpers
+ * in hooks/core, we'd invert the established hooks-depend-on-scripts
+ * direction (review finding M5). This module is the neutral home both
+ * callers consume from.
+ *
+ * Public API:
+ *   - getArchitectRunPath(taskId) → string|null (validateTaskId guarded)
+ *   - writeArchitectRunMarker({taskId, model, plan, specPath}) → {written, path}
+ *   - hasArchitectRun(taskId, currentSpecPath?) → boolean (content-validated)
+ *   - gcStaleMarkers({maxAgeMs?, retainCompletedTasks?}) → {removed, kept}
+ *   - ARCHITECT_RUNS_DIR (constant)
+ *
+ * Hardening this round (review-fix v2.30.1):
+ *   - AC9:  hasArchitectRun validates JSON parse + taskId field match
+ *   - AC11: validateTaskId guard before path.join (path-traversal defense)
+ *   - AC14: tmp file unlinked on rename failure
+ *   - AC15: specHash (sha256) in marker payload for staleness detection
+ *   - AC8:  gcStaleMarkers removes completed-task markers older than maxAgeMs
+ */
+
+const path = require('node:path');
+const fs = require('node:fs');
+const crypto = require('node:crypto');
+const { PATHS, safeJsonParse, validateTaskId, getReadyData } = require('./flow-utils');
+
+const ARCHITECT_RUNS_DIR = path.join(PATHS.state, 'architect-runs');
+const DEFAULT_GC_MAX_AGE_MS = 7 * 24 * 60 * 60 * 1000; // 7 days
+
+/**
+ * Compute path to the Architect-run evidence marker.
+ * Returns null if taskId fails validateTaskId (path-traversal defense).
+ */
+function getArchitectRunPath(taskId) {
+  if (!taskId || typeof taskId !== 'string') return null;
+  // validateTaskId returns { valid, format }, not a bool — check the field.
+  const v = validateTaskId(taskId);
+  if (!v || v.valid !== true) return null;
+  return path.join(ARCHITECT_RUNS_DIR, `${taskId}.json`);
+}
+
+/**
+ * Compute sha256 of a file's content. Returns null if file missing/unreadable.
+ */
+function _hashFile(filePath) {
+  if (!filePath) return null;
+  try {
+    const content = fs.readFileSync(filePath, 'utf-8');
+    return crypto.createHash('sha256').update(content).digest('hex');
+  } catch (_err) {
+    return null;
+  }
+}
+
+/**
+ * Write Architect-run marker. Atomic temp-then-rename. Tmp file unlinked
+ * on rename failure (no leaked tmp files).
+ */
+function writeArchitectRunMarker(payload) {
+  if (!payload || !payload.taskId) {
+    return { written: false, path: null };
+  }
+  const filePath = getArchitectRunPath(payload.taskId);
+  if (!filePath) {
+    return { written: false, path: null };
+  }
+  const tmpPath = `${filePath}.tmp-${process.pid}`;
+  try {
+    if (!fs.existsSync(ARCHITECT_RUNS_DIR)) {
+      fs.mkdirSync(ARCHITECT_RUNS_DIR, { recursive: true });
+    }
+    const marker = {
+      taskId: payload.taskId,
+      completedAt: payload.completedAt || new Date().toISOString(),
+      model: payload.model || null,
+      plan: payload.plan || null,
+      specHash: payload.specPath ? _hashFile(payload.specPath) : null,
+      specPath: payload.specPath || null
+    };
+    fs.writeFileSync(tmpPath, JSON.stringify(marker, null, 2));
+    fs.renameSync(tmpPath, filePath);
+    return { written: true, path: filePath };
+  } catch (_err) {
+    // Clean up the tmp file if rename failed — don't leak.
+    try { fs.unlinkSync(tmpPath); } catch (_e) { /* fail-open */ }
+    return { written: false, path: null };
+  }
+}
+
+/**
+ * Validate that a marker exists AND its content is well-formed AND, if
+ * `currentSpecPath` is provided, the spec hasn't changed since the marker
+ * was written.
+ *
+ * Returns false on:
+ *   - missing file
+ *   - JSON parse failure (corrupted marker)
+ *   - taskId field mismatch (wrong marker for this task)
+ *   - specHash mismatch (spec was edited after Architect ran — stale)
+ */
+function hasArchitectRun(taskId, currentSpecPath) {
+  const p = getArchitectRunPath(taskId);
+  if (!p) return false;
+  if (!fs.existsSync(p)) return false;
+  const marker = safeJsonParse(p, null);
+  if (!marker || typeof marker !== 'object') return false;
+  if (marker.taskId !== taskId) return false;
+  // specHash check (AC15 — stale-spec invalidation)
+  if (currentSpecPath && marker.specHash) {
+    const currentHash = _hashFile(currentSpecPath);
+    if (currentHash && currentHash !== marker.specHash) return false;
+  }
+  return true;
+}
+
+/**
+ * Remove markers whose task is in `recentlyCompleted` and whose mtime is
+ * older than maxAgeMs. Idempotent; safe to call repeatedly.
+ *
+ * @param {Object} opts
+ * @param {number} [opts.maxAgeMs=7d] — markers older than this are eligible
+ * @param {boolean} [opts.retainCompletedTasks=false] — keep markers for completed tasks
+ *                                                     (default: GC them)
+ * @returns {{removed: string[], kept: string[]}}
+ */
+function gcStaleMarkers(opts = {}) {
+  const maxAgeMs = typeof opts.maxAgeMs === 'number' ? opts.maxAgeMs : DEFAULT_GC_MAX_AGE_MS;
+  const retainCompletedTasks = opts.retainCompletedTasks === true;
+  const result = { removed: [], kept: [] };
+  if (!fs.existsSync(ARCHITECT_RUNS_DIR)) return result;
+
+  // Build set of completed task IDs (markers eligible for GC by default)
+  let completedIds = new Set();
+  try {
+    const ready = getReadyData();
+    if (ready && Array.isArray(ready.recentlyCompleted)) {
+      for (const t of ready.recentlyCompleted) {
+        if (t && t.id) completedIds.add(t.id);
+      }
+    }
+  } catch (_err) { /* fail-open */ }
+
+  const now = Date.now();
+  let entries = [];
+  try {
+    entries = fs.readdirSync(ARCHITECT_RUNS_DIR);
+  } catch (_err) { return result; }
+
+  for (const entry of entries) {
+    if (!entry.endsWith('.json')) continue;
+    const taskId = entry.slice(0, -5); // strip .json
+    if (!validateTaskId(taskId).valid) {
+      // Stray file — leave alone (could be backup or someone else's data)
+      result.kept.push(taskId);
+      continue;
+    }
+    const fullPath = path.join(ARCHITECT_RUNS_DIR, entry);
+    let stat;
+    try { stat = fs.statSync(fullPath); } catch (_err) { continue; }
+    const ageMs = now - stat.mtimeMs;
+    const isCompleted = completedIds.has(taskId);
+    const isExpired = ageMs > maxAgeMs;
+
+    // Eligible for GC: task is completed AND marker is older than maxAge,
+    // unless retainCompletedTasks is true.
+    if (isCompleted && isExpired && !retainCompletedTasks) {
+      try {
+        fs.unlinkSync(fullPath);
+        result.removed.push(taskId);
+      } catch (_err) {
+        result.kept.push(taskId);
+      }
+    } else {
+      result.kept.push(taskId);
+    }
+  }
+  return result;
+}
+
+module.exports = {
+  ARCHITECT_RUNS_DIR,
+  getArchitectRunPath,
+  writeArchitectRunMarker,
+  hasArchitectRun,
+  gcStaleMarkers
+};

package/scripts/flow-feature-dossier.js

@@ -36,6 +36,9 @@ const fs = require('node:fs');
 const path = require('node:path');
 const { execSync } = require('node:child_process');
 const { PATHS, safeJsonParse } = require('./flow-utils');
+const { globToRegex: _gtr } = require('./flow-glob');
+// Local convenience: case-insensitive glob (this module's historical default)
+const globToRegex = (pat) => _gtr(pat, 'i');
 
 const DOSSIER_DIRNAME = 'dossiers';
 const INDEX_FILENAME = 'index.json';
@@ -254,15 +257,6 @@ function matchFeatures(input = {}) {
   return Object.values(scores).sort((a, b) => b.score - a.score);
 }
 
-function globToRegex(pat) {
-  const escaped = pat
-    .replace(/[.+^${}()|[\]\\]/g, '\\$&')
-    .replace(/\*\*/g, '.__DBLSTAR__')
-    .replace(/\*/g, '[^/]*')
-    .replace(/\.__DBLSTAR__/g, '.*')
-    .replace(/\?/g, '[^/]');
-  return new RegExp(`^${escaped}$`, 'i');
-}
 
 function scaffoldDossier(slug, meta = {}) {
   if (RESERVED_SLUGS.has(slug)) {

package/scripts/flow-glob.js

@@ -0,0 +1,104 @@
+'use strict';
+
+/**
+ * Wogi Flow — Glob Matcher (wf-2eafdab0 / v2.30.1)
+ *
+ * Single source of truth for glob → regex conversion across:
+ *   - flow-standards-checker.js (forbidden-patterns exemptions)
+ *   - flow-feature-dossier.js  (dossier scope matching)
+ *   - flow-logic-rules.js      (logic-rule applies-to scope)
+ *
+ * Replaces 3 separate inline implementations (review finding M4).
+ *
+ * Semantics (security-patterns.md §4 compliant):
+ *   - single-star  matches any chars EXCEPT path separators (uses [^/]*, not .*)
+ *   - double-star  matches any chars INCLUDING path separators (uses .*)
+ *   - question     matches a single non-separator char ([^/])
+ *   - "dir/double-star" ALSO matches "dir" itself (the directory case — review M3)
+ *   - "double-star/foo" requires a directory boundary or root — does NOT match
+ *     "xfoo" as a substring of another segment (review M3)
+ *   - All regex metacharacters in literal portions are escaped.
+ *
+ * Public API:
+ *   - globToRegex(glob) → RegExp (anchored ^...$, throws if input invalid)
+ *   - globMatch(filePath, glob) → boolean (false-on-error fail-open)
+ */
+
+/** Regex metacharacters that need escaping when they appear as literal chars. */
+const REGEX_METACHARS = '.^$+(){}[]|\\';
+
+/**
+ * Convert a glob pattern to an anchored regex source string (no flags).
+ * Returns the regex source; caller wraps in `new RegExp(src)` if needed.
+ *
+ * Edge cases (notation: ★ = star — literal asterisk-slash ends JSDoc blocks).
+ * "dir/★★" → directory-or-anything-under regex; "★★/foo" → optional-prefix
+ * regex that requires a directory boundary; bare "★★" → match-anything regex.
+ */
+function globToRegexSource(glob) {
+  if (typeof glob !== 'string') throw new TypeError('glob must be a string');
+  let re = '^';
+  let i = 0;
+  while (i < glob.length) {
+    const c = glob[i];
+    // Detect `**/` — anchored anywhere or at start
+    if (c === '*' && glob[i + 1] === '*' && glob[i + 2] === '/') {
+      // `**/` matches zero-or-more directory segments + separator
+      re += '(?:.*/)?';
+      i += 3;
+    } else if (c === '/' && glob[i + 1] === '*' && glob[i + 2] === '*' && (i + 3 === glob.length || glob[i + 3] === undefined)) {
+      // `dir/**` at end: match `/anything` OR nothing (dir itself)
+      re += '(?:/.*)?';
+      i += 3;
+    } else if (c === '*' && glob[i + 1] === '*') {
+      // `**` not followed by `/` and not preceded by `/` — bare `**` matches anything
+      re += '.*';
+      i += 2;
+    } else if (c === '*') {
+      // single `*` — no path separators
+      re += '[^/]*';
+      i++;
+    } else if (c === '?') {
+      re += '[^/]';
+      i++;
+    } else if (REGEX_METACHARS.includes(c)) {
+      re += '\\' + c;
+      i++;
+    } else {
+      re += c;
+      i++;
+    }
+  }
+  re += '$';
+  return re;
+}
+
+/**
+ * Compile a glob to a RegExp object. Always anchored.
+ * @param {string} glob — pattern string
+ * @param {string} [flags=''] — RegExp flags (e.g., 'i' for case-insensitive)
+ */
+function globToRegex(glob, flags = '') {
+  return new RegExp(globToRegexSource(glob), flags);
+}
+
+/**
+ * Match a file path against a glob. Normalizes Windows-style separators
+ * to forward slashes. Returns false on any error (fail-open for callers
+ * that don't want to handle exceptions).
+ */
+function globMatch(filePath, glob) {
+  if (typeof filePath !== 'string' || typeof glob !== 'string') return false;
+  const normalized = filePath.replace(/\\/g, '/');
+  try {
+    return globToRegex(glob).test(normalized);
+  } catch (_err) {
+    return false;
+  }
+}
+
+module.exports = {
+  globToRegex,
+  globToRegexSource,
+  globMatch
+};

package/scripts/flow-logic-rules.js

@@ -33,6 +33,9 @@ const fs = require('node:fs');
 const path = require('node:path');
 const { execSync } = require('node:child_process');
 const { PATHS } = require('./flow-utils');
+const { globToRegex: _gtr } = require('./flow-glob');
+// Local convenience: case-insensitive glob (this module's historical default)
+const globToRegex = (pat) => _gtr(pat, 'i');
 const { getDossierRoots, DOSSIER_DIRNAME: _DOSSIER_DIRNAME } = require('./flow-feature-dossier');
 
 const LOGIC_RULES_FILENAME = '_logic-rules.md';
@@ -133,15 +136,6 @@ function listRules() {
   return all;
 }
 
-function globToRegex(pat) {
-  const escaped = pat
-    .replace(/[.+^${}()|[\]\\]/g, '\\$&')
-    .replace(/\*\*/g, '.__DBLSTAR__')
-    .replace(/\*/g, '[^/]*')
-    .replace(/\.__DBLSTAR__/g, '.*')
-    .replace(/\?/g, '[^/]');
-  return new RegExp(`^${escaped}$`, 'i');
-}
 
 function matchRulesForFiles(files = [], extraKeywords = []) {
   if (!Array.isArray(files)) files = [files];

package/scripts/flow-phase.js

@@ -22,12 +22,17 @@ if (command === 'transition') {
     console.error('Usage: flow-phase.js transition <from> <to> [taskId]');
     process.exit(1);
   }
-  if (!isPhaseGateEnabled()) {
-    process.exit(0); // Silent no-op when disabled
-  }
+  // wf-88a08fd4: previously this exited silently when `phaseGate.enabled` was
+  // false, which is the default. The CLI is an explicit caller action — honor
+  // it even when gate enforcement is off. State tracking (workflow-phase.json)
+  // is independent of gate enforcement (blocking Edit/Write until phase file
+  // is read). Callers that depend on phase state always need the write; the
+  // gate flag only controls whether PreToolUse blocks tools.
+  const gateActive = isPhaseGateEnabled();
   const success = transitionPhase(from, to, taskId || null);
   if (success) {
-    console.log(`Phase: ${from} → ${to}`);
+    const suffix = gateActive ? '' : ' (gate enforcement disabled — state updated only)';
+    console.log(`Phase: ${from} → ${to}${suffix}`);
     // wf-8d635d0e / E1: fire background auto-review on coding → validating.
     // Fails open — any error here must not fail the primary transition.
     try {

package/scripts/flow-standards-checker.js

@@ -23,6 +23,7 @@ const {
   color,
   getConfig
 } = require('./flow-utils');
+const { globMatch } = require('./flow-glob');
 const {
   calculateCombinedSimilarity,
   getMatchLevel,
@@ -672,6 +673,12 @@ function checkForbiddenPatterns(file, patterns) {
     ? path.relative(PATHS.root, file.path)
     : file.path;
 
+  // AC3 (M1 fix): per-file content size cap. Skip files that exceed the cap;
+  // attacker-supplied or accidentally-huge inputs can't lock the matcher.
+  if (content.length > DEFAULT_MAX_CONTENT_BYTES) {
+    return violations; // silently skip — large file, no scan
+  }
+
   for (const entry of patterns) {
     if (!entry || typeof entry !== 'object') continue;
     if (!entry.pattern || typeof entry.pattern !== 'string') continue;
@@ -681,6 +688,20 @@ function checkForbiddenPatterns(file, patterns) {
     const exempted = exemptions.some(glob => globMatch(relPath, glob));
     if (exempted) continue;
 
+    // AC3 (M1 fix): pre-compile reject of catastrophic-backtracking patterns.
+    const catRisk = detectCatastrophicPattern(entry.pattern);
+    if (catRisk) {
+      violations.push({
+        type: 'forbidden-pattern-malformed',
+        severity: 'warning',
+        file: file.path,
+        line: 1,
+        message: `Pattern "${entry.id || entry.pattern}" rejected pre-compile: ${catRisk}`,
+        rule: `forbidden-patterns.json: ${entry.id || '(unnamed)'}`
+      });
+      continue; // don't compile or run the dangerous pattern
+    }
+
     // Compile regex
     let re;
     try {
@@ -691,10 +712,25 @@ function checkForbiddenPatterns(file, patterns) {
       continue;
     }
 
-    // Match
+    // Match — with wall-clock budget (AC3/M1 fix).
     let match;
     re.lastIndex = 0;
+    const deadline = Date.now() + DEFAULT_MATCH_BUDGET_MS;
     while ((match = re.exec(content)) !== null) {
+      // Budget check: bail out gracefully if the matcher takes too long.
+      // Acceptable to drop late matches — defends against ReDoS, not a
+      // correctness guarantee.
+      if (Date.now() > deadline) {
+        violations.push({
+          type: 'forbidden-pattern-timeout',
+          severity: 'warning',
+          file: file.path,
+          line: 1,
+          message: `Pattern "${entry.id || entry.pattern}" exceeded ${DEFAULT_MATCH_BUDGET_MS}ms budget on this file — partial results, scan aborted.`,
+          rule: `forbidden-patterns.json: ${entry.id || '(unnamed)'}`
+        });
+        break;
+      }
       const before = content.substring(0, match.index);
       const lineNumber = (before.match(/\n/g) || []).length + 1;
       violations.push({
@@ -714,63 +750,69 @@ function checkForbiddenPatterns(file, patterns) {
   return violations;
 }
 
+// Note: globMatch was extracted to scripts/flow-glob.js (review M4 fix —
+// kills 3 separate inline implementations). Imported at top of this file.
+
 /**
- * Minimal glob-to-regex matcher for forbidden-pattern exemptions.
- * Supports: `**` (any depth), `*` (no path separator), exact match.
- * Per security-patterns.md §4: use `[^/]*` not `.*` to prevent path
- * separator matching in `*` (only `**` should cross directories).
+ * Detect catastrophic-backtracking regex patterns BEFORE compilation.
+ * Returns a reason string if the pattern looks ReDoS-prone, null otherwise.
+ *
+ * Heuristic: nested quantifiers like (a+)+, (.*)*, ([a-z]+)+ are the canonical
+ * shape. We don't claim to catch every adversarial pattern — just the common
+ * ones. Per AC3 (review M1 fix).
  */
-function globMatch(filePath, glob) {
-  const normalized = filePath.replace(/\\/g, '/');
-  // Build regex from glob
-  let re = '^';
-  let i = 0;
-  while (i < glob.length) {
-    const c = glob[i];
-    if (c === '*' && glob[i + 1] === '*') {
-      // ** matches anything including separators
-      re += '.*';
-      i += 2;
-      // Skip a following / so '**/foo' matches both 'foo' and 'a/b/foo'
-      if (glob[i] === '/') i++;
-    } else if (c === '*') {
-      re += '[^/]*';
-      i++;
-    } else if (c === '?') {
-      re += '[^/]';
-      i++;
-    } else if ('.^$+(){}[]|\\'.includes(c)) {
-      re += '\\' + c;
-      i++;
-    } else {
-      re += c;
-      i++;
-    }
-  }
-  re += '$';
-  try {
-    return new RegExp(re).test(normalized);
-  } catch (_err) {
-    return false;
+function detectCatastrophicPattern(patternSrc) {
+  if (typeof patternSrc !== 'string') return null;
+  // Match: ( ... <quantifier> ) <quantifier>
+  // Where quantifier is one of: +, *, {n,m}
+  const NESTED = /\([^()]*[+*][^()]*\)\s*[+*]/;
+  if (NESTED.test(patternSrc)) {
+    return 'nested-quantifier (e.g., (a+)+, (.*)*, ([a-z]+)+) — catastrophic backtracking risk';
   }
+  return null;
 }
 
+const DEFAULT_MAX_CONTENT_BYTES = 1_000_000; // 1MB
+const DEFAULT_MATCH_BUDGET_MS = 200;
+
 /**
  * Load forbidden-patterns.json from project state dir.
+ * Uses safeJsonParse (per security-patterns.md §2 — review H1 fix).
+ * Emits stderr warning when state dir exists but file does NOT (AC2/H2 — silent
+ * no-op detection) and when file exists but parse fails (AC12/L2).
  * @returns {Object[]} pattern entries (empty array if missing/invalid)
  */
 function loadForbiddenPatterns(projectRoot) {
   const root = projectRoot || PATHS.root;
-  const filePath = path.join(root, '.workflow', 'state', 'forbidden-patterns.json');
-  if (!fs.existsSync(filePath)) return [];
-  try {
-    const raw = fs.readFileSync(filePath, 'utf-8');
-    const parsed = JSON.parse(raw);
-    if (!Array.isArray(parsed)) return [];
-    return parsed;
-  } catch (_err) {
+  const stateDir = path.join(root, '.workflow', 'state');
+  const filePath = path.join(stateDir, 'forbidden-patterns.json');
+  if (!fs.existsSync(filePath)) {
+    // AC2/H2: warn when state dir is initialized but pack is missing.
+    // Mirrors the CL-004 stderr-warn pattern in pre-tool-deps.js — silently
+    // shimming a missing rule pack masks broken installs.
+    if (fs.existsSync(stateDir) && process.env.WOGI_QUIET !== '1') {
+      console.error(
+        '[Standards] forbidden-patterns.json not found at .workflow/state/ — feature ' +
+        'inactive this run. Run `flow init --force` or copy from ' +
+        '.workflow/state/forbidden-patterns.json.template to enable.'
+      );
+    }
+    return [];
+  }
+  // AC1/H1 fix: use safeJsonParse instead of raw JSON.parse(fs.readFileSync(...))
+  const parsed = safeJsonParse(filePath, null);
+  if (parsed === null) {
+    // AC12/L2: warn when the file exists but parse failed (syntax error).
+    if (process.env.WOGI_QUIET !== '1') {
+      console.error(
+        '[Standards] forbidden-patterns.json failed to parse — feature disabled this run. ' +
+        'Check for trailing commas / mismatched braces.'
+      );
+    }
     return [];
   }
+  if (!Array.isArray(parsed)) return [];
+  return parsed;
 }
 
 function checkApiDuplication(file, existingEndpoints, matchConfig) {