wogiflow 2.30.1 → 2.30.2

package/lib/installer.js

@@ -583,6 +583,36 @@ function createWorkflowStructure(projectRoot, config) {
     }
   }
 
+  // wf-d5fcb880 (H2): scaffold forbidden-patterns.json from its template.
+  // The template ships in the npm package (per package.json `files` →
+  // `.workflow/state/*.template`). Without this step, the standards-checker's
+  // forbidden-patterns feature is a silent no-op on fresh installs — the loader
+  // returns [] because no rule pack exists on disk. The previous review flagged
+  // this as a HIGH finding (H2 in last-review.json).
+  const forbiddenPath = path.join(workflowDir, 'state', 'forbidden-patterns.json');
+  if (!fs.existsSync(forbiddenPath)) {
+    const templatePath = path.join(workflowDir, 'state', 'forbidden-patterns.json.template');
+    if (fs.existsSync(templatePath)) {
+      try {
+        const templateContent = fs.readFileSync(templatePath, 'utf-8');
+        fs.writeFileSync(forbiddenPath, templateContent);
+      } catch (err) {
+        // Fall back to an empty array so the file exists and is parseable.
+        // safeJsonParse on this returns [] (valid empty pack); loader behaves
+        // identically to the no-file path but the user no longer sees the
+        // "forbidden-patterns.json not found" stderr warning.
+        if (process.env.DEBUG) {
+          console.error(`[installer] forbidden-patterns template copy failed: ${err.message}`);
+        }
+        fs.writeFileSync(forbiddenPath, '[]\n');
+      }
+    } else {
+      // Template not shipped (unusual install layout) — still scaffold an
+      // empty pack so loader is silent.
+      fs.writeFileSync(forbiddenPath, '[]\n');
+    }
+  }
+
   // Create registry manifest (dynamic registry discovery)
   const registryManifestPath = path.join(workflowDir, 'state', 'registry-manifest.json');
   if (!fs.existsSync(registryManifestPath)) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wogiflow",
-  "version": "2.30.1",
+  "version": "2.30.2",
   "description": "AI-powered development workflow management system with multi-model support",
   "main": "lib/index.js",
   "bin": {

package/scripts/flow-phase.js

@@ -22,12 +22,17 @@ if (command === 'transition') {
     console.error('Usage: flow-phase.js transition <from> <to> [taskId]');
     process.exit(1);
   }
-  if (!isPhaseGateEnabled()) {
-    process.exit(0); // Silent no-op when disabled
-  }
+  // wf-88a08fd4: previously this exited silently when `phaseGate.enabled` was
+  // false, which is the default. The CLI is an explicit caller action — honor
+  // it even when gate enforcement is off. State tracking (workflow-phase.json)
+  // is independent of gate enforcement (blocking Edit/Write until phase file
+  // is read). Callers that depend on phase state always need the write; the
+  // gate flag only controls whether PreToolUse blocks tools.
+  const gateActive = isPhaseGateEnabled();
   const success = transitionPhase(from, to, taskId || null);
   if (success) {
-    console.log(`Phase: ${from} → ${to}`);
+    const suffix = gateActive ? '' : ' (gate enforcement disabled — state updated only)';
+    console.log(`Phase: ${from} → ${to}${suffix}`);
     // wf-8d635d0e / E1: fire background auto-review on coding → validating.
     // Fails open — any error here must not fail the primary transition.
     try {

package/scripts/flow-standards-gate.js

@@ -169,6 +169,21 @@ function inferTaskType(taskType, changedFiles) {
  * @returns {Object} Check results with feedback for retry loop
  */
 function runTaskStandardsCheck(taskContext, files, options = {}) {
+  // Defensive normalization: callers (flow-done-gates.js → ctx.getModifiedFiles())
+  // pass a string[] of file paths; this function documents Object[] with
+  // {path, content}. Pre-fix, `files.map(f => f.path)` returned [undefined,...]
+  // which then crashed downstream `.includes()` on undefined. The crash was
+  // swallowed by the caller's try/catch and surfaced as "checker error —
+  // degraded to manual check" on every `flow done`. Normalize here so both
+  // shapes work; content-dependent checks skip strings gracefully (downstream
+  // already does `if (!file.content) continue;`).
+  if (!Array.isArray(files)) {
+    files = [];
+  } else {
+    files = files.map(f => (typeof f === 'string' ? { path: f, content: undefined } : f))
+      .filter(f => f && typeof f.path === 'string');
+  }
+
   const config = getConfig();
   const standardsConfig = config.standardsCompliance || {};
   const gateStartMs = Date.now();

package/scripts/hooks/adapters/claude-code.js

@@ -421,16 +421,31 @@ Run: /wogi-start ${coreResult.nextTaskId}`;
       };
     }
 
-    // Compose additionalContext from up to five pieces:
-    //   1. longInputEnforcement (P11.5 — placed FIRST so AI sees the
-    //      forcing instruction before anything else)
-    //   2. systemReminder (research protocol) OR message (warning)
-    //   3. phasePrompt (phase-specific context)
-    //   4. overduePrompt (wf-d3e67abe — silent-halt surfacing, manager-only)
+    // wf-35742353 — Gate-orchestrator integration.
+    //
+    // Previously this concatenated up to five pieces blindly, producing a
+    // wall of competing system-reminder text ("invoke /wogi-extract-review"
+    // + "research protocol" + phase context, etc.) that the AI/user could
+    // not triage. Now: REMEDIATIONS (gates demanding action) go through
+    // the gate-orchestrator which picks the highest-priority one and lists
+    // the rest as a one-line "queued" footer. INFO pieces (phase context,
+    // overdue dispatches) pass through unchanged alongside the top
+    // remediation. Fail-open: any error falls back to the prior concat.
     const pieces = [];
-    if (coreResult.longInputEnforcement) pieces.push(coreResult.longInputEnforcement);
-    if (coreResult.systemReminder) pieces.push(coreResult.systemReminder);
-    else if (coreResult.message) pieces.push(coreResult.message);
+    try {
+      const { selectAndRender } = require('../core/gate-orchestrator');
+      const remediation = selectAndRender({
+        'long-input-pending': coreResult.longInputEnforcement,
+        'research-required': coreResult.systemReminder || coreResult.message
+      });
+      if (remediation) pieces.push(remediation);
+    } catch (_err) {
+      // Fallback to prior concat shape if orchestrator misfires.
+      if (coreResult.longInputEnforcement) pieces.push(coreResult.longInputEnforcement);
+      if (coreResult.systemReminder) pieces.push(coreResult.systemReminder);
+      else if (coreResult.message) pieces.push(coreResult.message);
+    }
+    // Info pieces always pass through.
     if (coreResult.phasePrompt) pieces.push(coreResult.phasePrompt);
     if (coreResult.overduePrompt) pieces.push(coreResult.overduePrompt);
 

package/scripts/hooks/core/gate-orchestrator.js

@@ -0,0 +1,104 @@
+'use strict';
+
+/**
+ * Wogi Flow — Gate Orchestrator (wf-35742353)
+ *
+ * Cross-gate priority and remediation surfacing. Each gate (long-input-pending,
+ * routing, research-required, phase-context, overdue-dispatches, etc.) was
+ * designed assuming it was the only voice in the room. At the integration
+ * point (UserPromptSubmit additionalContext and Stop hook stopReason) they
+ * collide and produce conflicting "do this NOW" instructions in the same turn.
+ *
+ * This module owns the priority order and the picker. The hook entry files
+ * and adapters call it instead of stacking messages.
+ *
+ * Priority (highest first):
+ *   1. long-input-pending — user's prompt isn't captured; downstream is
+ *      suspect. Resolve before anything else.
+ *   2. routing — no task assigned; work would be untracked.
+ *   3. research-required — diagnostic prompt needs evidence-reading.
+ *   4. workspace-overdue — silent worker death surfacing (manager-only).
+ *   5. phase-context — informational phase-prompt injection (not a demand).
+ *
+ * Categories:
+ *   - "remediation": the AI must take a specific action (resolve before
+ *     proceeding). At most ONE remediation is surfaced per turn — the
+ *     highest-priority active one wins; others get a one-line "queued"
+ *     footer so the AI knows more work follows.
+ *   - "info": informational, always passes through alongside the top
+ *     remediation. Examples: phase-context, dossier injection.
+ *
+ * Fail-open philosophy: if classification or formatting errors, return
+ * the original message stack unchanged (caller fallback).
+ */
+
+const REMEDIATION_PRIORITY = Object.freeze([
+  'long-input-pending',
+  'routing',
+  'research-required',
+  'workspace-overdue'
+]);
+
+const REMEDIATION_LABELS = Object.freeze({
+  'long-input-pending': 'long-input-pending (invoke /wogi-extract-review or `flow long-input-pending dismiss`)',
+  'routing': 'routing (invoke /wogi-start)',
+  'research-required': 'research-required (read evidence before answering)',
+  'workspace-overdue': 'workspace-overdue (a worker dispatch is past its deadline)'
+});
+
+/**
+ * Pick the top-priority active remediation from a set of (gateId, message) pairs.
+ *
+ * @param {Array<{id: string, message: string}>} active - gates currently demanding action
+ * @returns {{ top: {id, message}|null, queued: string[] }}
+ *          top: the highest-priority active gate (null if none)
+ *          queued: gateIds of the others (in priority order), for footer rendering
+ */
+function pickTopRemediation(active) {
+  if (!Array.isArray(active) || active.length === 0) {
+    return { top: null, queued: [] };
+  }
+  // Filter to valid entries and sort by priority index.
+  const valid = active.filter(g => g && typeof g.id === 'string' && typeof g.message === 'string' && g.message.trim().length > 0);
+  if (valid.length === 0) return { top: null, queued: [] };
+
+  const indexed = valid.map(g => ({ ...g, idx: REMEDIATION_PRIORITY.indexOf(g.id) }))
+    .map(g => ({ ...g, idx: g.idx === -1 ? Number.POSITIVE_INFINITY : g.idx }));
+  indexed.sort((a, b) => a.idx - b.idx);
+
+  const top = { id: indexed[0].id, message: indexed[0].message };
+  const queued = indexed.slice(1).map(g => g.id);
+  return { top, queued };
+}
+
+/**
+ * Render the top remediation message with a one-line footer listing queued
+ * remediations. If no others are queued, returns the top message unchanged.
+ */
+function renderRemediation(top, queued) {
+  if (!top || typeof top.message !== 'string') return '';
+  if (!Array.isArray(queued) || queued.length === 0) return top.message;
+  const labels = queued.map(id => REMEDIATION_LABELS[id] || id).join('; ');
+  return `${top.message}\n\n[gate-orchestrator] Also queued (resolve after the above): ${labels}`;
+}
+
+/**
+ * Convenience: take a map of {gateId: message-or-null} and return the rendered
+ * top remediation (or empty string when nothing is active).
+ */
+function selectAndRender(gateMap) {
+  if (!gateMap || typeof gateMap !== 'object') return '';
+  const active = Object.entries(gateMap)
+    .filter(([_id, msg]) => typeof msg === 'string' && msg.trim().length > 0)
+    .map(([id, message]) => ({ id, message }));
+  const { top, queued } = pickTopRemediation(active);
+  return renderRemediation(top, queued);
+}
+
+module.exports = {
+  REMEDIATION_PRIORITY,
+  REMEDIATION_LABELS,
+  pickTopRemediation,
+  renderRemediation,
+  selectAndRender
+};

package/scripts/hooks/core/long-input-enforcement.js

@@ -94,6 +94,47 @@ function hasSourceLink(text) {
   return SOURCE_LINK_PATTERNS.some(re => re.test(text));
 }
 
+// Known system-content tag prefixes that arrive via UserPromptSubmit but are
+// NOT user-typed input. Sub-agent task-notifications, system reminders, and
+// slash-command framings all flow through the same hook. Treating them as
+// user prompts is the wf-f7d58760 false-positive shape — sub-agent
+// completions tripped the long-input gate and force-blocked the parent
+// session with no recoverable path (catch-22 documented in the bug).
+const SYSTEM_CONTENT_PREFIXES = [
+  '<task-notification>',
+  '<system-reminder>',
+  '<command-message>',
+  '<command-name>',
+  '<command-args>',
+  '<command-output>',
+  '<command-stderr>',
+  '<local-command-stdout>',
+  '<local-command-stderr>',
+  '<user-prompt-submit-hook>',
+  '<bash-input>',
+  '<bash-stdout>',
+  '<bash-stderr>'
+];
+
+/**
+ * Detect content that originates from the system (tool results, sub-agent
+ * notifications, slash-command framings) rather than user typing. These
+ * arrive via UserPromptSubmit in some Claude Code paths but should never
+ * trip the long-input gate — they aren't requests, and the user can't
+ * "preserve their verbatim source" because the user didn't author them.
+ *
+ * Detection: leading non-whitespace begins with a known system tag prefix.
+ * Conservative — only matches if the tag is the FIRST thing in the text.
+ */
+function isSystemOriginatedContent(text) {
+  if (typeof text !== 'string') return false;
+  const lead = text.trimStart().slice(0, 64);
+  for (const prefix of SYSTEM_CONTENT_PREFIXES) {
+    if (lead.startsWith(prefix)) return true;
+  }
+  return false;
+}
+
 function hasTaskSignals(text) {
   if (typeof text !== 'string') return false;
   let imperativeHits = 0;
@@ -129,6 +170,12 @@ function isChannelDispatchInWorker(source, env = process.env) {
  * @returns {{forced: boolean, level: 'strict'|'force'|'suggest'|'pass', reason: string}}
  */
 function shouldForceExtractReview({ text, source, env = process.env } = {}) {
+  // wf-f7d58760: system-originated content (sub-agent task-notifications,
+  // tool-result echoes, slash-command framings) flows through the same
+  // UserPromptSubmit pipe but is NOT a user prompt. Skip the gate entirely.
+  if (isSystemOriginatedContent(text)) {
+    return { forced: false, level: 'pass', reason: 'system-originated-content' };
+  }
   if (!detectLongFormPrompt(text)) {
     return { forced: false, level: 'pass', reason: 'below-long-input-threshold' };
   }
@@ -297,9 +344,11 @@ module.exports = {
   PENDING_PATH,
   LONG_LINE_THRESHOLD,
   LONG_ITEM_THRESHOLD,
+  SYSTEM_CONTENT_PREFIXES,
   detectLongFormPrompt,
   hasSourceLink,
   hasTaskSignals,
+  isSystemOriginatedContent,
   isChannelDispatchInWorker,
   shouldForceExtractReview,
   buildEnforcementMessage,

package/scripts/hooks/core/research-required-classifier.js

@@ -47,7 +47,11 @@ const DIAGNOSTIC_PATTERNS = [
   /\bwhich\s+(approach|option|way|one)\s+(is\s+better|should|do\s+you)\b/i,
   /\bis\s+it\s+better\s+to\b/i,
   /\bwhat'?s?\s+the\s+(right|best|correct)\s+(approach|way)\b/i,
-  /\brecommend\b/i,
+  // Imperative "recommend" — anchored to prompt start or after sentence end.
+  // Prior version `/\brecommend\b/i` matched ANY occurrence and false-fired on
+  // "the recommendation system is broken" / "I recommend doing X" (statements,
+  // not questions). See wf-12271e82.
+  /(?:^|[.?!]\s+)\s*(please\s+|can\s+you\s+|could\s+you\s+|would\s+you\s+)?recommend\b/i,
   /\bdid\s+you\s+(fix|address|verify|check|test|handle)\b/i,
   /\bdo\s+you\s+(think|recommend|suggest)\b/i,
 ];

package/scripts/hooks/core/task-gate.js

@@ -7,6 +7,45 @@
  * Checks if there's an active task before allowing implementation actions.
  *
  * Returns a standardized result that adapters transform for specific CLIs.
+ *
+ * --------------------------------------------------------------------------
+ * "Active task" state-source contract (wf-c573961f, 2026-05-11)
+ * --------------------------------------------------------------------------
+ *
+ * The task-gate consults FOUR state sources to determine if a task is active.
+ * External tooling that mutates task state MUST satisfy this contract or the
+ * gate will reject Edits/Writes with `no_active_task` or `task_missing_routing_proof`.
+ *
+ *   1. `.workflow/state/ready.json` → `inProgress[]`
+ *      The task object must be the first element of inProgress, with a valid
+ *      `wf-XXXXXXXX` id (validateTaskId).
+ *
+ *   2. `.workflow/state/durable-session.json` → `{ taskId, status: 'active' }`
+ *      Fallback path when inProgress is empty. Also requires routing proof.
+ *
+ *   3. Task object `routedAt` field (ISO timestamp)
+ *      Set automatically by `flow start` / `createQuickTask` / `moveTaskAsync`
+ *      when a task legitimately enters inProgress.
+ *
+ *   4. `.workflow/state/.routing-receipt-<taskId>` (dotfile, JSON)
+ *      Anti-bypass receipt written by the same callers that set `routedAt`.
+ *      The dual mechanism is defense-in-depth: AI editing ready.json directly
+ *      can spoof `routedAt`, but the receipt file is harder to forge silently.
+ *
+ * The gate accepts the task if EITHER (3) routedAt is set, OR (4) the
+ * receipt file exists, OR the task has a legacy `startedAt` field (pre-
+ * routedAt migration). One of these MUST be true; otherwise the task is
+ * rejected as "manually inserted".
+ *
+ * Documented helpers for external tooling:
+ *   - `writeRoutingReceipt(taskId, options)` — produces a valid receipt for
+ *     a task that's already in inProgress (e.g., after `flow bug` then a
+ *     manual move). This is the documented "I know what I'm doing" escape
+ *     hatch that closes the 2026-05-10 wogiflow-cli bug-report issue.
+ *
+ * Single source of truth in the future: see the deferred follow-up epic
+ * referenced in wf-c573961f's bug spec ("Approach 1 / consolidate to
+ * .workflow/state/active-task.json"). That work is out of L2 scope.
  */
 
 const fs = require('node:fs');
@@ -314,7 +353,7 @@ function checkTaskGate(options = {}, config) {
         return {
           allowed: false,
           blocked: true,
-          message: `Task ${taskId} is in inProgress but has no routing proof (missing routedAt and no routing receipt file).\n\nThis usually means the task was inserted into ready.json manually instead of through /wogi-start.\n\nTo fix:\n1. Use /wogi-start ${taskId} to properly route this task\n2. Or remove it from inProgress and start fresh: /wogi-ready`,
+          message: `Task ${taskId} is in inProgress but has no routing proof (missing routedAt and no routing receipt file).\n\nThis usually means the task was inserted into ready.json manually instead of through /wogi-start.\n\nTo fix:\n1. RECOMMENDED — Use /wogi-start ${taskId} to properly route this task.\n2. Or remove it from inProgress and start fresh: /wogi-ready\n3. Or, if you know what you're doing (e.g. after \`flow bug\` + manual move), write a routing receipt:\n     node -e "require('./scripts/hooks/core/task-gate').writeRoutingReceipt('${taskId}', { via: 'manual' })"\n\nSee scripts/hooks/core/task-gate.js header for the "active task" state-source contract.`,
           reason: 'task_missing_routing_proof'
         };
       }
@@ -410,6 +449,42 @@ function checkTaskGate(options = {}, config) {
   };
 }
 
+/**
+ * Write a routing receipt for a task. This is the documented external API
+ * for satisfying the routing-proof requirement (state source #4) when the
+ * task is in inProgress but was placed there by a caller that didn't write
+ * a receipt (e.g., manual edit, or `flow bug` then move).
+ *
+ * Returns `{ ok: true, path }` on success or `{ ok: false, reason }` on
+ * failure. Validates taskId format before writing.
+ *
+ * wf-c573961f: previously this functionality was inlined in createQuickTask
+ * and not exported, leaving external tooling no documented way to satisfy
+ * the gate. The bug-report author hit exactly this — they updated four
+ * state files but couldn't discover the receipt-file requirement.
+ *
+ * @param {string} taskId - wf-XXXXXXXX format
+ * @param {Object} [options]
+ * @param {string} [options.via='external'] - audit field stored in the receipt
+ * @returns {{ok: boolean, path?: string, reason?: string}}
+ */
+function writeRoutingReceipt(taskId, options = {}) {
+  if (typeof taskId !== 'string' || !validateTaskId(taskId).valid) {
+    return { ok: false, reason: `invalid taskId format: ${taskId}` };
+  }
+  try {
+    const receiptPath = path.join(PATHS.state, `.routing-receipt-${taskId}`);
+    fs.writeFileSync(receiptPath, JSON.stringify({
+      taskId,
+      routedAt: new Date().toISOString(),
+      via: options.via || 'external'
+    }, null, 2));
+    return { ok: true, path: receiptPath };
+  } catch (err) {
+    return { ok: false, reason: err.message };
+  }
+}
+
 /**
  * Generate warning message (when not blocking)
  */
@@ -523,6 +598,7 @@ module.exports = {
   getActiveTask,
   checkTaskGate,
   createQuickTask,
+  writeRoutingReceipt,
   generateBlockMessage,
   generateWarningMessage
 };

package/scripts/hooks/entry/claude-code/stop.js

@@ -17,12 +17,26 @@ const { isRoutingPending, incrementStopAttempts } = require('../../core/routing-
 const { runHook } = require('../shared/hook-runner');
 
 runHook('Stop', async ({ parsedInput }) => {
+  // wf-35742353 — Gate priority: if long-input-pending is active, it is the
+  // top-priority remediation. The UserPromptSubmit hook already surfaced the
+  // full long-input message on prompt arrival; firing routing-enforcement
+  // and research-required gates now would issue conflicting "do this NOW"
+  // instructions in the same turn. Defer the lower-priority Stop-hook gates
+  // until long-input-pending is resolved.
+  //
+  // Fail-open: any error reading the marker falls through to normal gate flow.
+  let longInputActive = false;
+  try {
+    const { isLongInputPending } = require('../../core/long-input-enforcement');
+    longInputActive = isLongInputPending();
+  } catch (_err) { /* fail-open */ }
+
   // v6.2: Routing enforcement check — catches text-only response bypass
   // If routing-pending flag is still set when the AI tries to stop, it means
   // the AI responded to the user's message without ever invoking a /wogi-* command.
   // This is the exact bypass we need to prevent (especially after context compaction).
   try {
-    if (isRoutingPending()) {
+    if (isRoutingPending() && !longInputActive) {
       // Use counter-based approach instead of clearing immediately.
       // This gives the AI multiple chances to comply before giving up.
       // Gap 4 fix: clearing immediately made this single-shot protection.
@@ -260,7 +274,15 @@ runHook('Stop', async ({ parsedInput }) => {
   // turn was classified as diagnostic (Tier 2/3 from CLAUDE.md), check that
   // the AI made enough Read calls against evidence paths before answering.
   // If not, re-prompt with a violation message forcing a redo. Fail-open.
+  //
+  // wf-35742353 — Skip this gate when long-input-pending is active. The user's
+  // prompt isn't yet captured, so demanding evidence-reading would issue a
+  // conflicting remediation. The diagnostic marker will still be present when
+  // long-input resolves; the gate fires correctly then.
   try {
+    if (longInputActive) {
+      // skip — defer to long-input remediation
+    } else {
     const { checkResearchRequiredGate } = require('../../core/research-required-gate');
     const { getConfig } = require('../../../flow-utils');
     const config = getConfig();
@@ -276,6 +298,7 @@ runHook('Stop', async ({ parsedInput }) => {
       // Soft re-prompt: force the AI to redo with reads
       return { __raw: true, continue: true, stopReason: result.message };
     }
+    } // end else (wf-35742353 long-input-active skip)
   } catch (err) {
     if (process.env.DEBUG) {
       console.error(`[Stop] Research-required gate error (fail-open): ${err.message}`);