wogiflow 2.30.0 → 2.30.2

package/scripts/flow-standards-gate.js

@@ -169,6 +169,21 @@ function inferTaskType(taskType, changedFiles) {
  * @returns {Object} Check results with feedback for retry loop
  */
 function runTaskStandardsCheck(taskContext, files, options = {}) {
+  // Defensive normalization: callers (flow-done-gates.js → ctx.getModifiedFiles())
+  // pass a string[] of file paths; this function documents Object[] with
+  // {path, content}. Pre-fix, `files.map(f => f.path)` returned [undefined,...]
+  // which then crashed downstream `.includes()` on undefined. The crash was
+  // swallowed by the caller's try/catch and surfaced as "checker error —
+  // degraded to manual check" on every `flow done`. Normalize here so both
+  // shapes work; content-dependent checks skip strings gracefully (downstream
+  // already does `if (!file.content) continue;`).
+  if (!Array.isArray(files)) {
+    files = [];
+  } else {
+    files = files.map(f => (typeof f === 'string' ? { path: f, content: undefined } : f))
+      .filter(f => f && typeof f.path === 'string');
+  }
+
   const config = getConfig();
   const standardsConfig = config.standardsCompliance || {};
   const gateStartMs = Date.now();

package/scripts/hooks/adapters/claude-code.js

@@ -421,16 +421,31 @@ Run: /wogi-start ${coreResult.nextTaskId}`;
       };
     }
 
-    // Compose additionalContext from up to five pieces:
-    //   1. longInputEnforcement (P11.5 — placed FIRST so AI sees the
-    //      forcing instruction before anything else)
-    //   2. systemReminder (research protocol) OR message (warning)
-    //   3. phasePrompt (phase-specific context)
-    //   4. overduePrompt (wf-d3e67abe — silent-halt surfacing, manager-only)
+    // wf-35742353 — Gate-orchestrator integration.
+    //
+    // Previously this concatenated up to five pieces blindly, producing a
+    // wall of competing system-reminder text ("invoke /wogi-extract-review"
+    // + "research protocol" + phase context, etc.) that the AI/user could
+    // not triage. Now: REMEDIATIONS (gates demanding action) go through
+    // the gate-orchestrator which picks the highest-priority one and lists
+    // the rest as a one-line "queued" footer. INFO pieces (phase context,
+    // overdue dispatches) pass through unchanged alongside the top
+    // remediation. Fail-open: any error falls back to the prior concat.
     const pieces = [];
-    if (coreResult.longInputEnforcement) pieces.push(coreResult.longInputEnforcement);
-    if (coreResult.systemReminder) pieces.push(coreResult.systemReminder);
-    else if (coreResult.message) pieces.push(coreResult.message);
+    try {
+      const { selectAndRender } = require('../core/gate-orchestrator');
+      const remediation = selectAndRender({
+        'long-input-pending': coreResult.longInputEnforcement,
+        'research-required': coreResult.systemReminder || coreResult.message
+      });
+      if (remediation) pieces.push(remediation);
+    } catch (_err) {
+      // Fallback to prior concat shape if orchestrator misfires.
+      if (coreResult.longInputEnforcement) pieces.push(coreResult.longInputEnforcement);
+      if (coreResult.systemReminder) pieces.push(coreResult.systemReminder);
+      else if (coreResult.message) pieces.push(coreResult.message);
+    }
+    // Info pieces always pass through.
     if (coreResult.phasePrompt) pieces.push(coreResult.phasePrompt);
     if (coreResult.overduePrompt) pieces.push(coreResult.overduePrompt);
 

package/scripts/hooks/core/architect-required-gate.js

@@ -1,97 +1,59 @@
-#!/usr/bin/env node
+'use strict';
 
 /**
- * Wogi Flow - Architect-Required Gate (wf-037f8d66)
+ * Wogi Flow - Architect-Required Gate (wf-037f8d66, hardened in wf-2eafdab0)
  *
  * Closes the methodology gap where the IGR Architect/Adversary pass at
  * spec_review IS specced (per .claude/docs/phases/02-spec.md) but enforcement
  * is prompt-only — the agent can skip Architect and go straight to coding.
  *
- * This gate fires on Edit/Write during the `coding` phase for L1+ tasks when
- * config.intentGroundedReasoning.enabled is true and no evidence of an
+ * This gate fires on Edit/Write/Bash during the `coding` phase for L1+ tasks
+ * when config.intentGroundedReasoning.enabled is true and no evidence of an
  * Architect run exists for the current task.
  *
- * Evidence marker: `.workflow/state/architect-runs/<task-id>.json` written
- * by flow-architect-pass.js on successful completion.
+ * Evidence marker: read from flow-architect-runs.js (the neutral-location
+ * module that BOTH this gate and flow-architect-pass.js consume — keeps
+ * hooks/core from owning state hooks/core's parents need to write to).
  *
  * Scope:
  *   - L0 (epic) / L1 (story) tasks: Architect required → gate enforces
  *   - L2 / L3 tasks: skip spec_review entirely (correctly) → gate is a no-op
+ *   - type=story/epic with MISSING level: fail-closed (treat as L1)
  *
- * Fail-open: any error reading state/config → allow tool call. Same pattern
- * as research-evidence-gate.js.
- */
-
-const path = require('node:path');
-const fs = require('node:fs');
-const { PATHS } = require('../../flow-utils');
-
-const ARCHITECT_RUNS_DIR = path.join(PATHS.state, 'architect-runs');
-
-/**
- * Compute path to the Architect-run evidence marker for a task.
- */
-function getArchitectRunPath(taskId) {
-  if (!taskId || typeof taskId !== 'string') return null;
-  return path.join(ARCHITECT_RUNS_DIR, `${taskId}.json`);
-}
-
-/**
- * Write an Architect-run evidence marker. Called by flow-architect-pass.js
- * on successful completion. Atomic write-temp + rename.
+ * Mutation set: Edit, Write, Bash (NOT TodoWrite — review finding M8: blocking
+ * planning before coding is chicken-and-egg).
  *
- * @param {Object} payload — { taskId, completedAt, model, plan }
- * @returns {{ written: boolean, path: string|null }}
+ * Fail-open: any error reading state/config → allow tool call.
  */
-function writeArchitectRunMarker(payload) {
-  if (!payload || !payload.taskId) {
-    return { written: false, path: null };
-  }
-  try {
-    if (!fs.existsSync(ARCHITECT_RUNS_DIR)) {
-      fs.mkdirSync(ARCHITECT_RUNS_DIR, { recursive: true });
-    }
-    const filePath = getArchitectRunPath(payload.taskId);
-    const tmpPath = `${filePath}.tmp-${process.pid}`;
-    fs.writeFileSync(tmpPath, JSON.stringify({
-      taskId: payload.taskId,
-      completedAt: payload.completedAt || new Date().toISOString(),
-      model: payload.model || null,
-      plan: payload.plan || null
-    }, null, 2));
-    fs.renameSync(tmpPath, filePath);
-    return { written: true, path: filePath };
-  } catch (_err) {
-    return { written: false, path: null };
-  }
-}
 
-/**
- * Check whether an Architect run is recorded for a given task.
- * @param {string} taskId
- * @returns {boolean}
- */
-function hasArchitectRun(taskId) {
-  const p = getArchitectRunPath(taskId);
-  if (!p) return false;
-  try {
-    return fs.existsSync(p);
-  } catch (_err) {
-    return false;
-  }
-}
+const archRuns = require('../../flow-architect-runs');
+const { hasArchitectRun, getArchitectRunPath, writeArchitectRunMarker } = archRuns;
 
 /**
- * Determine whether the current task requires Architect (L1+ only).
- * @param {Object} taskMeta — task record from ready.json (has level, type)
- * @returns {boolean}
+ * Determine whether the current task requires Architect.
+ *
+ * Returns true for:
+ *   - L0 (epic), L1 (story)
+ *   - type=story OR type=epic with MISSING/empty level (fail-closed — review M2)
+ *
+ * Returns false for:
+ *   - explicit L2 / L3 (regardless of type)
+ *   - missing/null taskMeta
+ *   - unknown type with no level signal
  */
 function requiresArchitect(taskMeta) {
   if (!taskMeta || typeof taskMeta !== 'object') return false;
   const level = (taskMeta.level || '').toUpperCase();
-  // L0 (epic) and L1 (story) require Architect.
-  // L2 (task) / L3 (subtask) bypass spec_review correctly.
-  return level === 'L0' || level === 'L1';
+  // Explicit level takes precedence
+  if (level === 'L0' || level === 'L1') return true;
+  if (level === 'L2' || level === 'L3') return false;
+  // No explicit level — fail-closed for stories/epics (M2 fix).
+  // A task created without a level field is untracked-by-pipeline; treating
+  // it as "doesn't need architect" lets bypass slip through. Stories/epics
+  // are exactly the work-types Architect is for.
+  const type = (taskMeta.type || '').toLowerCase();
+  if (type === 'story' || type === 'epic') return true;
+  return false;
 }
 
 /**
@@ -101,7 +63,6 @@ function requiresArchitect(taskMeta) {
 function isGateEnabled(config) {
   const igr = config?.intentGroundedReasoning;
   if (!igr || igr.enabled === false) return false;
-  // Explicit toggle on the gate itself overrides
   if (config?.architectRequiredGate?.enabled === false) return false;
   return true;
 }
@@ -109,67 +70,55 @@ function isGateEnabled(config) {
 /**
  * Main gate check.
  *
- * @param {Object} ctx — { phase, taskId, taskMeta, config, toolName }
+ * @param {Object} ctx — { phase, taskId, taskMeta, config, toolName, specPath? }
  * @returns {{ blocked: boolean, reason?: string, message?: string }}
  */
 function checkArchitectRequired(ctx) {
-  const { phase, taskId, taskMeta, config, toolName } = ctx || {};
+  const { phase, taskId, taskMeta, config, toolName, specPath } = ctx || {};
 
-  // Only fires on tools that mutate state (Edit/Write/Bash/TodoWrite)
-  const mutationTools = new Set(['Edit', 'Write', 'TodoWrite', 'Bash']);
-  if (!toolName || !mutationTools.has(toolName)) {
-    return { blocked: false };
-  }
+  // Mutation set: Edit/Write/Bash only. TodoWrite removed (M8).
+  const mutationTools = new Set(['Edit', 'Write', 'Bash']);
+  if (!toolName || !mutationTools.has(toolName)) return { blocked: false };
 
   // Only fires during coding phase
-  if (phase !== 'coding') {
-    return { blocked: false };
-  }
+  if (phase !== 'coding') return { blocked: false };
 
   // Gate disabled (or IGR off)
-  if (!isGateEnabled(config)) {
-    return { blocked: false };
-  }
+  if (!isGateEnabled(config)) return { blocked: false };
 
-  // No active task → not in scope (gate doesn't apply)
-  if (!taskId) {
-    return { blocked: false };
-  }
+  // No active task → not in scope
+  if (!taskId) return { blocked: false };
 
-  // L2/L3 tasks bypass spec_review correctly — gate is a no-op
-  if (!requiresArchitect(taskMeta)) {
-    return { blocked: false };
-  }
+  // L2/L3 tasks correctly bypass spec_review — gate is a no-op
+  if (!requiresArchitect(taskMeta)) return { blocked: false };
 
-  // Check for evidence marker
-  if (hasArchitectRun(taskId)) {
-    return { blocked: false };
-  }
+  // Check evidence marker (with content validation + optional specHash check)
+  if (hasArchitectRun(taskId, specPath)) return { blocked: false };
 
-  // Block: Architect required but no evidence
   return {
     blocked: true,
     reason: 'architect-required',
     message: [
       `ARCHITECT-REQUIRED GATE: task ${taskId} is L1+ in coding phase but no `,
-      `Architect run is recorded at ${getArchitectRunPath(taskId)}.\n\n`,
+      `valid Architect run is recorded at ${getArchitectRunPath(taskId)}.\n\n`,
       `Per .claude/docs/phases/02-spec.md Step 1.55, L1+ tasks must run an `,
       `Architect pass before coding. Invoke:\n\n`,
       `  node scripts/flow-architect-pass.js run --task=${taskId}\n\n`,
       `Then retry your edit. To opt out for this task only, set `,
-      `config.architectRequiredGate.enabled = false (project-level), or use `,
-      `\`flow architect-skip --task=${taskId} --reason="..."\` (single-task escape; `,
-      `not yet implemented — opens follow-up wf if needed).`
+      `config.architectRequiredGate.enabled = false (project-level).`
     ].join('')
   };
 }
 
 module.exports = {
   checkArchitectRequired,
-  writeArchitectRunMarker,
-  hasArchitectRun,
+  // Re-exports from flow-architect-runs for backward compat with existing
+  // test suite + flow-architect-pass.js. These pass-throughs let consumers
+  // who already require the gate continue to work; new consumers should
+  // prefer require('../../flow-architect-runs') directly.
   requiresArchitect,
-  getArchitectRunPath,
   isGateEnabled,
-  ARCHITECT_RUNS_DIR
+  hasArchitectRun,
+  getArchitectRunPath,
+  writeArchitectRunMarker
 };

package/scripts/hooks/core/gate-orchestrator.js

@@ -0,0 +1,104 @@
+'use strict';
+
+/**
+ * Wogi Flow — Gate Orchestrator (wf-35742353)
+ *
+ * Cross-gate priority and remediation surfacing. Each gate (long-input-pending,
+ * routing, research-required, phase-context, overdue-dispatches, etc.) was
+ * designed assuming it was the only voice in the room. At the integration
+ * point (UserPromptSubmit additionalContext and Stop hook stopReason) they
+ * collide and produce conflicting "do this NOW" instructions in the same turn.
+ *
+ * This module owns the priority order and the picker. The hook entry files
+ * and adapters call it instead of stacking messages.
+ *
+ * Priority (highest first):
+ *   1. long-input-pending — user's prompt isn't captured; downstream is
+ *      suspect. Resolve before anything else.
+ *   2. routing — no task assigned; work would be untracked.
+ *   3. research-required — diagnostic prompt needs evidence-reading.
+ *   4. workspace-overdue — silent worker death surfacing (manager-only).
+ *   5. phase-context — informational phase-prompt injection (not a demand).
+ *
+ * Categories:
+ *   - "remediation": the AI must take a specific action (resolve before
+ *     proceeding). At most ONE remediation is surfaced per turn — the
+ *     highest-priority active one wins; others get a one-line "queued"
+ *     footer so the AI knows more work follows.
+ *   - "info": informational, always passes through alongside the top
+ *     remediation. Examples: phase-context, dossier injection.
+ *
+ * Fail-open philosophy: if classification or formatting errors, return
+ * the original message stack unchanged (caller fallback).
+ */
+
+const REMEDIATION_PRIORITY = Object.freeze([
+  'long-input-pending',
+  'routing',
+  'research-required',
+  'workspace-overdue'
+]);
+
+const REMEDIATION_LABELS = Object.freeze({
+  'long-input-pending': 'long-input-pending (invoke /wogi-extract-review or `flow long-input-pending dismiss`)',
+  'routing': 'routing (invoke /wogi-start)',
+  'research-required': 'research-required (read evidence before answering)',
+  'workspace-overdue': 'workspace-overdue (a worker dispatch is past its deadline)'
+});
+
+/**
+ * Pick the top-priority active remediation from a set of (gateId, message) pairs.
+ *
+ * @param {Array<{id: string, message: string}>} active - gates currently demanding action
+ * @returns {{ top: {id, message}|null, queued: string[] }}
+ *          top: the highest-priority active gate (null if none)
+ *          queued: gateIds of the others (in priority order), for footer rendering
+ */
+function pickTopRemediation(active) {
+  if (!Array.isArray(active) || active.length === 0) {
+    return { top: null, queued: [] };
+  }
+  // Filter to valid entries and sort by priority index.
+  const valid = active.filter(g => g && typeof g.id === 'string' && typeof g.message === 'string' && g.message.trim().length > 0);
+  if (valid.length === 0) return { top: null, queued: [] };
+
+  const indexed = valid.map(g => ({ ...g, idx: REMEDIATION_PRIORITY.indexOf(g.id) }))
+    .map(g => ({ ...g, idx: g.idx === -1 ? Number.POSITIVE_INFINITY : g.idx }));
+  indexed.sort((a, b) => a.idx - b.idx);
+
+  const top = { id: indexed[0].id, message: indexed[0].message };
+  const queued = indexed.slice(1).map(g => g.id);
+  return { top, queued };
+}
+
+/**
+ * Render the top remediation message with a one-line footer listing queued
+ * remediations. If no others are queued, returns the top message unchanged.
+ */
+function renderRemediation(top, queued) {
+  if (!top || typeof top.message !== 'string') return '';
+  if (!Array.isArray(queued) || queued.length === 0) return top.message;
+  const labels = queued.map(id => REMEDIATION_LABELS[id] || id).join('; ');
+  return `${top.message}\n\n[gate-orchestrator] Also queued (resolve after the above): ${labels}`;
+}
+
+/**
+ * Convenience: take a map of {gateId: message-or-null} and return the rendered
+ * top remediation (or empty string when nothing is active).
+ */
+function selectAndRender(gateMap) {
+  if (!gateMap || typeof gateMap !== 'object') return '';
+  const active = Object.entries(gateMap)
+    .filter(([_id, msg]) => typeof msg === 'string' && msg.trim().length > 0)
+    .map(([id, message]) => ({ id, message }));
+  const { top, queued } = pickTopRemediation(active);
+  return renderRemediation(top, queued);
+}
+
+module.exports = {
+  REMEDIATION_PRIORITY,
+  REMEDIATION_LABELS,
+  pickTopRemediation,
+  renderRemediation,
+  selectAndRender
+};

package/scripts/hooks/core/long-input-enforcement.js

@@ -94,6 +94,47 @@ function hasSourceLink(text) {
   return SOURCE_LINK_PATTERNS.some(re => re.test(text));
 }
 
+// Known system-content tag prefixes that arrive via UserPromptSubmit but are
+// NOT user-typed input. Sub-agent task-notifications, system reminders, and
+// slash-command framings all flow through the same hook. Treating them as
+// user prompts is the wf-f7d58760 false-positive shape — sub-agent
+// completions tripped the long-input gate and force-blocked the parent
+// session with no recoverable path (catch-22 documented in the bug).
+const SYSTEM_CONTENT_PREFIXES = [
+  '<task-notification>',
+  '<system-reminder>',
+  '<command-message>',
+  '<command-name>',
+  '<command-args>',
+  '<command-output>',
+  '<command-stderr>',
+  '<local-command-stdout>',
+  '<local-command-stderr>',
+  '<user-prompt-submit-hook>',
+  '<bash-input>',
+  '<bash-stdout>',
+  '<bash-stderr>'
+];
+
+/**
+ * Detect content that originates from the system (tool results, sub-agent
+ * notifications, slash-command framings) rather than user typing. These
+ * arrive via UserPromptSubmit in some Claude Code paths but should never
+ * trip the long-input gate — they aren't requests, and the user can't
+ * "preserve their verbatim source" because the user didn't author them.
+ *
+ * Detection: leading non-whitespace begins with a known system tag prefix.
+ * Conservative — only matches if the tag is the FIRST thing in the text.
+ */
+function isSystemOriginatedContent(text) {
+  if (typeof text !== 'string') return false;
+  const lead = text.trimStart().slice(0, 64);
+  for (const prefix of SYSTEM_CONTENT_PREFIXES) {
+    if (lead.startsWith(prefix)) return true;
+  }
+  return false;
+}
+
 function hasTaskSignals(text) {
   if (typeof text !== 'string') return false;
   let imperativeHits = 0;
@@ -129,6 +170,12 @@ function isChannelDispatchInWorker(source, env = process.env) {
  * @returns {{forced: boolean, level: 'strict'|'force'|'suggest'|'pass', reason: string}}
  */
 function shouldForceExtractReview({ text, source, env = process.env } = {}) {
+  // wf-f7d58760: system-originated content (sub-agent task-notifications,
+  // tool-result echoes, slash-command framings) flows through the same
+  // UserPromptSubmit pipe but is NOT a user prompt. Skip the gate entirely.
+  if (isSystemOriginatedContent(text)) {
+    return { forced: false, level: 'pass', reason: 'system-originated-content' };
+  }
   if (!detectLongFormPrompt(text)) {
     return { forced: false, level: 'pass', reason: 'below-long-input-threshold' };
   }
@@ -297,9 +344,11 @@ module.exports = {
   PENDING_PATH,
   LONG_LINE_THRESHOLD,
   LONG_ITEM_THRESHOLD,
+  SYSTEM_CONTENT_PREFIXES,
   detectLongFormPrompt,
   hasSourceLink,
   hasTaskSignals,
+  isSystemOriginatedContent,
   isChannelDispatchInWorker,
   shouldForceExtractReview,
   buildEnforcementMessage,

package/scripts/hooks/core/pre-tool-helpers.js

@@ -64,9 +64,47 @@ function isAllGatesDisabled(hookStatus) {
   );
 }
 
+/**
+ * Resolve the current workflow phase + task meta from state files.
+ *
+ * Reads `.workflow/state/workflow-phase.json` for { phase, taskId }, then
+ * looks up the matching task in `ready.json.inProgress` for full taskMeta.
+ *
+ * Fail-open everywhere: any read/parse error → returns the partial state
+ * resolved so far. Multiple gates may need this context; centralizing here
+ * stops the inline-block proliferation flagged by review L3.
+ *
+ * @returns {{phase: string, taskId: string|null, taskMeta: object|null}}
+ */
+function resolveCurrentTaskContext() {
+  const path = require('node:path');
+  const flowUtils = require('../../flow-utils');
+  const flowIo = require('../../flow-io');
+  let phase = 'idle';
+  let taskId = null;
+  let taskMeta = null;
+  try {
+    const phaseStatePath = path.join(flowUtils.PATHS.state, 'workflow-phase.json');
+    const ps = flowIo.safeJsonParse(phaseStatePath, null);
+    if (ps) {
+      phase = ps.phase || 'idle';
+      taskId = ps.taskId || null;
+    }
+  } catch (_err) { /* fail-open */ }
+  if (taskId) {
+    try {
+      const ready = flowUtils.getReadyData ? flowUtils.getReadyData() : null;
+      const inProgress = (ready && Array.isArray(ready.inProgress)) ? ready.inProgress : [];
+      taskMeta = inProgress.find(t => t && t.id === taskId) || null;
+    } catch (_err) { /* fail-open */ }
+  }
+  return { phase, taskId, taskMeta };
+}
+
 module.exports = {
   VALID_AGENT_TYPES,
   READ_ONLY_AGENT_TYPES,
   parseSubagentContext,
   isAllGatesDisabled,
+  resolveCurrentTaskContext,
 };

package/scripts/hooks/core/pre-tool-orchestrator.js

@@ -118,35 +118,17 @@ function runPreToolGates(ctx, deps) {
     }
   }
 
-  // Architect-required gate (wf-037f8d66)
+  // Architect-required gate (wf-037f8d66, hardened wf-2eafdab0)
   // L1+ tasks in coding phase must have run Architect/Adversary before any Edit/Write/Bash.
+  // TodoWrite removed from gate set (review M8 fix — planning-tool chicken-and-egg).
   // L2/L3 tasks bypass spec_review entirely (correctly), so the gate is a no-op there.
+  // Task context resolution extracted to resolveCurrentTaskContext (review L3 fix).
   // Fail-open on any error.
   if (typeof deps.checkArchitectRequired === 'function' &&
-      (toolName === 'Edit' || toolName === 'Write' || toolName === 'Bash' || toolName === 'TodoWrite')) {
+      (toolName === 'Edit' || toolName === 'Write' || toolName === 'Bash')) {
     try {
-      // Resolve current phase + task meta from active state
-      const flowUtils = require('../../flow-utils');
-      const flowIo = require('../../flow-io');
-      let phase = 'idle';
-      let taskId = null;
-      let taskMeta = null;
-      try {
-        const phaseStatePath = path.join(flowUtils.PATHS.state, 'workflow-phase.json');
-        const ps = flowIo.safeJsonParse(phaseStatePath, null);
-        if (ps) {
-          phase = ps.phase || 'idle';
-          taskId = ps.taskId || null;
-        }
-      } catch (_err) { /* fail-open */ }
-      if (taskId) {
-        try {
-          const ready = flowUtils.getReadyData ? flowUtils.getReadyData() : null;
-          const inProgress = (ready && Array.isArray(ready.inProgress)) ? ready.inProgress : [];
-          taskMeta = inProgress.find(t => t && t.id === taskId) || null;
-        } catch (_err) { /* fail-open */ }
-      }
-
+      const { resolveCurrentTaskContext } = require('./pre-tool-helpers');
+      const { phase, taskId, taskMeta } = resolveCurrentTaskContext();
       const archResult = deps.checkArchitectRequired({
         phase, taskId, taskMeta, config, toolName
       });

package/scripts/hooks/core/research-required-classifier.js

@@ -47,7 +47,11 @@ const DIAGNOSTIC_PATTERNS = [
   /\bwhich\s+(approach|option|way|one)\s+(is\s+better|should|do\s+you)\b/i,
   /\bis\s+it\s+better\s+to\b/i,
   /\bwhat'?s?\s+the\s+(right|best|correct)\s+(approach|way)\b/i,
-  /\brecommend\b/i,
+  // Imperative "recommend" — anchored to prompt start or after sentence end.
+  // Prior version `/\brecommend\b/i` matched ANY occurrence and false-fired on
+  // "the recommendation system is broken" / "I recommend doing X" (statements,
+  // not questions). See wf-12271e82.
+  /(?:^|[.?!]\s+)\s*(please\s+|can\s+you\s+|could\s+you\s+|would\s+you\s+)?recommend\b/i,
   /\bdid\s+you\s+(fix|address|verify|check|test|handle)\b/i,
   /\bdo\s+you\s+(think|recommend|suggest)\b/i,
 ];

package/scripts/hooks/core/session-end.js

@@ -68,6 +68,18 @@ function handleSessionEnd(input) {
       result.logged = false;
     }
 
+    // wf-2eafdab0 (AC8): GC stale architect-run markers for completed tasks.
+    // Markers in `.workflow/state/architect-runs/` accumulate forever otherwise;
+    // task-id collision (re-used fixtures, manual ID re-use) bypasses the gate.
+    // Fail-open everywhere — never block session end.
+    try {
+      const { gcStaleMarkers } = require('../../flow-architect-runs');
+      const gc = gcStaleMarkers(); // default 7-day retention for completed tasks
+      if (gc && gc.removed && gc.removed.length > 0) {
+        result.architectMarkerGc = { removed: gc.removed.length };
+      }
+    } catch (_err) { /* non-critical */ }
+
     // Surface pending skill proposals staged by `flow skill propose|patch|remove`.
     // These await user approval (`flow skill promote|reject`) at session end.
     try {