wogiflow 2.31.2 → 2.33.0

package/scripts/hooks/core/long-input-enforcement.js

@@ -71,6 +71,83 @@ const SOURCE_LINK_PATTERNS = [
   /\bwf-[a-f0-9]{8}\b/i  // bare wf-ID reference
 ];
 
+/**
+ * Strip quoted/pasted content from a prompt so item + line counts reflect
+ * what the USER is actually requesting, not what they're illustrating.
+ *
+ * Removes:
+ *   - Fenced code blocks (``` … ```) — pasted code or transcript output
+ *   - Lines starting with `⏺` — pasted Claude Code transcript bullet
+ *   - Lines starting with `  ⎿ ` — pasted Claude Code tool-result indent
+ *   - Lines starting with `>` (markdown blockquote, indented or not) — quoted source
+ *   - Indented blocks of 4+ leading spaces directly after a fence-less line
+ *     (informal code-block convention — git diff output, REPL traces, etc.)
+ *
+ * Conservative: only strips when stripping changes the count classification —
+ * downstream callers compare strip vs. raw and use the lower count if it crosses
+ * the threshold. (Tested directly via the helper export; the classifier wires
+ * it into both detectLongFormPrompt and hasTaskSignals.)
+ *
+ * Why this matters: the current turn's user prompt was a short narrative + a
+ * ~70-line PASTED transcript inside a fenced block. The raw line count crossed
+ * the threshold, the imperatives inside the transcript ("fix", "add", "rm")
+ * crossed the task-signal threshold, and the gate fired — even though the user
+ * pasted the transcript to ILLUSTRATE a bug, not to deliver work items.
+ *
+ * @param {string} text
+ * @returns {string} stripped text (always a string; '' if input wasn't)
+ */
+function stripQuotedContent(text) {
+  if (typeof text !== 'string') return '';
+
+  // 1. Strip fenced code blocks (greedy, but match per-block so unclosed
+  //    fences don't eat the rest of the prompt).
+  let stripped = text.replace(/^```[^\n]*\n[\s\S]*?\n```\s*$/gm, '');
+
+  // 2. Strip pasted-transcript / blockquote lines.
+  const lines = stripped.split('\n');
+  const kept = [];
+  for (const line of lines) {
+    // ⏺ — Claude Code transcript bullet
+    if (/^\s*⏺/.test(line)) continue;
+    // ⎿ — Claude Code tool-result continuation marker
+    if (/^\s*⎿/.test(line)) continue;
+    // > — markdown blockquote (any indent level)
+    if (/^\s*>/.test(line)) continue;
+    // 4+ leading-space "code-by-indentation" lines that don't look like
+    // a markdown list item (those start with `- ` / `* ` / `N. ` AFTER spaces).
+    if (/^ {4,}\S/.test(line) && !/^\s*(?:[-*]|\d+[.)])\s+/.test(line)) continue;
+    kept.push(line);
+  }
+  return kept.join('\n');
+}
+
+/**
+ * Detect a Claude Code skill-body echo. When the AI calls `Skill(...)`, the
+ * harness surfaces the full skill prompt + args back as a "user message" via
+ * UserPromptSubmit. These are AI-composed, not user-typed; firing the gate
+ * on them creates a deadlock (the AI can't dismiss its own skill args, and
+ * extract-review needs Bash which is also gated).
+ *
+ * Detection: the prompt contains ≥2 structural markers that only appear in
+ * Claude Code skill bodies (heading hierarchies, "ARGUMENTS: {args}" template,
+ * etc.). These are exceedingly unlikely to appear in user-typed prose.
+ *
+ * @param {string} text
+ * @returns {boolean}
+ */
+function isSkillBodyEcho(text) {
+  if (typeof text !== 'string' || text.length < 500) return false;
+  let hits = 0;
+  for (const marker of SKILL_BODY_MARKERS) {
+    if (text.includes(marker)) {
+      hits++;
+      if (hits >= 2) return true;
+    }
+  }
+  return false;
+}
+
 function countDiscreteItems(text) {
   if (typeof text !== 'string') return 0;
   let count = 0;
@@ -83,9 +160,12 @@ function countDiscreteItems(text) {
 
 function detectLongFormPrompt(text) {
   if (typeof text !== 'string' || !text.trim()) return false;
-  const lineCount = text.split('\n').filter(l => l.trim()).length;
+  // Strip quoted/pasted content before counting — only the USER's own words
+  // contribute to thresholds (otherwise the gate fires on illustrative pastes).
+  const stripped = stripQuotedContent(text);
+  const lineCount = stripped.split('\n').filter(l => l.trim()).length;
   if (lineCount > LONG_LINE_THRESHOLD) return true;
-  if (countDiscreteItems(text) >= LONG_ITEM_THRESHOLD) return true;
+  if (countDiscreteItems(stripped) >= LONG_ITEM_THRESHOLD) return true;
   return false;
 }
 
@@ -116,6 +196,27 @@ const SYSTEM_CONTENT_PREFIXES = [
   '<bash-stderr>'
 ];
 
+// Skill-body markers that indicate the prompt is a Claude Code skill body
+// being echoed back to the model after an AI Skill(...) invocation. When
+// the AI calls `Skill(skill="wogi-start", args="...long...")`, Claude Code
+// surfaces the full skill prompt + args as the next "user message" — going
+// through UserPromptSubmit. The args are AI-composed, not user-typed, so
+// the gate must NOT fire on them. We detect this by the structural markers
+// that only ever appear in skill body bodies (not in regular user prose).
+// Treating it as a user prompt was the deadlock shape from the wogiflow-cli
+// 2026-05-13 incident — see the bug report transcript in this commit's body.
+const SKILL_BODY_MARKERS = [
+  '**UNIVERSAL ENTRY POINT**',
+  '## Request Triage (AI-Driven Routing',
+  '### Command Catalog',
+  '### Pre-Routing Checks (Automatic)',
+  'Routing order: Task ID',
+  '## Phase Execution (MANDATORY)',
+  '## Mandatory Rules',
+  'ARGUMENTS: {args}',
+  '## How It Works (MANDATORY',
+];
+
 /**
  * Detect content that originates from the system (tool results, sub-agent
  * notifications, slash-command framings) rather than user typing. These
@@ -137,9 +238,14 @@ function isSystemOriginatedContent(text) {
 
 function hasTaskSignals(text) {
   if (typeof text !== 'string') return false;
+  // Imperatives inside pasted code/transcript/blockquotes are illustrative,
+  // not the user's own work-creating instructions. Count only on the USER's
+  // own words. (Without this, pasted error logs containing "fix" / "add"
+  // / "remove" trip the gate as if the user were ordering 5 tasks.)
+  const stripped = stripQuotedContent(text);
   let imperativeHits = 0;
   for (const re of TASK_IMPERATIVES) {
-    const m = text.match(new RegExp(re.source, 'gi'));
+    const m = stripped.match(new RegExp(re.source, 'gi'));
     if (m) imperativeHits += m.length;
   }
   return imperativeHits >= 2;
@@ -176,6 +282,13 @@ function shouldForceExtractReview({ text, source, env = process.env } = {}) {
   if (isSystemOriginatedContent(text)) {
     return { forced: false, level: 'pass', reason: 'system-originated-content' };
   }
+  // Deadlock fix (2026-05-13): AI-composed Skill args get surfaced back as
+  // a "user message" by the harness. Detect the skill-body echo signature
+  // and skip the gate — the args are AI-decomposed, not user-typed, so
+  // item-reconciliation has no source to reconcile against.
+  if (isSkillBodyEcho(text)) {
+    return { forced: false, level: 'pass', reason: 'skill-body-echo' };
+  }
   if (!detectLongFormPrompt(text)) {
     return { forced: false, level: 'pass', reason: 'below-long-input-threshold' };
   }
@@ -308,6 +421,20 @@ function checkLongInputPendingGate(toolName, toolInput) {
     if (/flow\s+extract-zero-loss/.test(cmd)) return { blocked: false };
     if (/flow\s+long-input/.test(cmd)) return { blocked: false };
     if (/flow-source-fidelity\.js/.test(cmd)) return { blocked: false };
+    // EMERGENCY ESCAPE (2026-05-13 deadlock fix): when the `flow` CLI is
+    // unavailable (e.g., target project has no node_modules/wogiflow on PATH,
+    // or the CLI itself is broken), allow the user to manually clear the
+    // marker file via `rm`. Scoped narrowly to the exact marker path so it
+    // can't be used as a general-purpose Bash escape.
+    if (/^\s*rm\s+(?:-[a-zA-Z]+\s+)?(?:["']?)\.workflow\/state\/long-input-pending\.json(?:["']?)\s*$/.test(cmd)) {
+      return { blocked: false };
+    }
+    // Also allow the node-script equivalent (for sessions where `rm` is
+    // unavailable, e.g. some Windows shells). Matches both `fs.unlinkSync(...)`
+    // and `require('fs').unlinkSync(...)` forms.
+    if (/unlinkSync\s*\(\s*['"]\.workflow\/state\/long-input-pending\.json['"]\s*\)/.test(cmd)) {
+      return { blocked: false };
+    }
     // Falls through to block for everything else
   }
 
@@ -334,6 +461,11 @@ function checkLongInputPendingGate(toolName, toolInput) {
       '  2. (ESCAPE HATCH) If this prompt genuinely does NOT create work',
       '     (e.g., it\'s a log dump or pure question), dismiss with:',
       '     `flow long-input-pending dismiss --reason="<concrete reason>"`',
+      '  3. (EMERGENCY) If both paths above fail (e.g., `flow` CLI missing',
+      '     or broken), manually clear the marker file:',
+      '     `rm .workflow/state/long-input-pending.json`',
+      '     (This Bash command is explicitly allowed by the gate as a',
+      '     deadlock escape.)',
       '',
       'Read/Glob/Grep tools remain available for investigation.'
     ].join('\n')
@@ -345,10 +477,12 @@ module.exports = {
   LONG_LINE_THRESHOLD,
   LONG_ITEM_THRESHOLD,
   SYSTEM_CONTENT_PREFIXES,
+  SKILL_BODY_MARKERS,
   detectLongFormPrompt,
   hasSourceLink,
   hasTaskSignals,
   isSystemOriginatedContent,
+  isSkillBodyEcho,
   isChannelDispatchInWorker,
   shouldForceExtractReview,
   buildEnforcementMessage,
@@ -357,5 +491,6 @@ module.exports = {
   isLongInputPending,
   readLongInputPending,
   checkLongInputPendingGate,
-  countDiscreteItems
+  countDiscreteItems,
+  stripQuotedContent
 };

package/scripts/hooks/core/research-required-classifier.js

@@ -56,14 +56,39 @@ const DIAGNOSTIC_PATTERNS = [
   /\bdo\s+you\s+(think|recommend|suggest)\b/i,
 ];
 
-// Factual markers — Tier 1 (no marker, AI can answer from code/docs)
+// Generic-factual markers — Tier 1a (no marker; answerable from general
+// knowledge). NARROWED from the prior FACTUAL_PATTERNS: "where is X",
+// "which file", "show me", "list all" all MOVED to LOCATIONAL_PATTERNS
+// below because in a project context they are almost always asking about
+// THIS codebase and require a Read first. See wf-1bcc67d5 (the wogiflow-cli
+// "where do API keys get saved" incident — model answered from prior,
+// doubled down twice, before finally grepping).
 const FACTUAL_PATTERNS = [
-  /^\s*what\s+is\b/i,
-  /^\s*where\s+(is|does|are)\b/i,
-  /^\s*how\s+many\b/i,
-  /^\s*show\s+me\b/i,
-  /^\s*list\s+(all|the)\b/i,
-  /^\s*which\s+file\b/i,
+  /^\s*what\s+is\s+(a|an)\b/i,            // "what is a closure" — conceptual
+  /^\s*what\s+does\s+\w+\s+mean\b/i,      // "what does idempotent mean"
+  /^\s*how\s+many\s+\w+\s+(are\s+in|in)\s+a\b/i, // "how many days in a year" — generic
+];
+
+// Locational / project-specific-factual markers — Tier 1b (WRITES the
+// evidence marker, same as diagnostic). "Where is X configured?", "which
+// file handles Y?", "how does the deferral gate work?" — these are
+// answerable ONLY by reading this codebase. The model MUST Read/Grep/Glob
+// first and cite what it read. No "Tier 1 → answer directly" shortcut.
+// wf-1bcc67d5.
+const LOCATIONAL_PATTERNS = [
+  /\bwhere\s+(is|are|do|does|did|should|would|can)\b/i,           // where is X / where are the keys / where does X get saved
+  /\bwhich\s+(file|module|function|component|class|method|hook|gate|script|test|directory|folder|package)\b/i,
+  /\bwhat\s+(file|module|function|class|hook|gate|script|component)\s+(handles?|does|is|contains?|defines?)\b/i,
+  /\bwhat\s+is\s+(responsible\s+for|the\s+\w+\s+(file|module|gate|hook)\s+for)\b/i,
+  // "how does the deferral gate work" — allow multiple words between the
+  // determiner and the action verb (lazy [\s\w-]*?). Covers 1+ noun phrases.
+  /\bhow\s+(does|do|did)\s+(the|this|our|its?|wogiflow|a|an)\b[\s\w-]*?\s+(work|works|worked|happen|behave|operate|function|run|fire|trigger|get\s+\w+)\b/i,
+  // "how is the routing flag configured" — same lazy gap
+  /\bhow\s+(is|are|was|were|does|do)\s+[\s\w-]*?\b(configured|wired|stored|set\s+up|implemented|handled|loaded|registered|defined|saved|kept|read|written|persisted|injected)\b/i,
+  /^\s*(show\s+me\s+(the|all|how|where)|list\s+(all|the))\b/i,    // show me the routes / list all the gates — project enumeration
+  /\bis\s+there\s+(a|an|any)\s+\w+\s+(in\s+(this|the)\s+(project|codebase|repo|code)|here)\b/i,
+  /\b(in\s+this\s+(project|codebase|repo|code))\b.*\b(where|how|which|what)\b/i,
+  /\b(where|how|which|what)\b.*\b(in\s+this\s+(project|codebase|repo|code))\b/i,
 ];
 
 // Command markers — task IDs, imperatives, follow-ups
@@ -96,12 +121,21 @@ function getMaxAttempts(config) {
 }
 
 /**
- * Classify a user prompt into command / factual / diagnostic.
+ * Classify a user prompt into command / factual / locational / diagnostic.
+ *
+ * Order matters: override > command > generic-factual > locational > diagnostic > default(none).
  *
- * Order matters: override > command > factual > diagnostic > default(none).
+ * `locational` and `diagnostic` BOTH write the evidence marker — the Stop
+ * hook then requires Read/Grep/Glob calls before the answer is accepted.
+ * `command` and `factual` and `none` do NOT write the marker.
+ *
+ * The generic-factual check is intentionally NARROW (only "what is a/an
+ * <concept>", "what does X mean", "how many X in a Y"). Anything that
+ * smells project-specific — "where is X", "which file/module", "how does
+ * the X work" — falls through to `locational` and is gated. See wf-1bcc67d5.
  *
  * @param {string} prompt
- * @returns {{ category: 'command'|'factual'|'diagnostic'|'none', match?: string, overridden?: boolean }}
+ * @returns {{ category: 'command'|'factual'|'locational'|'diagnostic'|'none', match?: string, overridden?: boolean }}
  */
 function classifyPrompt(prompt) {
   if (typeof prompt !== 'string') return { category: 'none' };
@@ -119,13 +153,19 @@ function classifyPrompt(prompt) {
     if (m) return { category: 'command', match: m[0] };
   }
 
-  // Factual next
+  // Generic-factual next (NARROW — only truly-conceptual questions)
   for (const rx of FACTUAL_PATTERNS) {
     const m = trimmed.match(rx);
     if (m) return { category: 'factual', match: m[0] };
   }
 
-  // Diagnostic last
+  // Locational / project-specific-factual — gated (writes marker)
+  for (const rx of LOCATIONAL_PATTERNS) {
+    const m = trimmed.match(rx);
+    if (m) return { category: 'locational', match: m[0] };
+  }
+
+  // Diagnostic — gated (writes marker)
   for (const rx of DIAGNOSTIC_PATTERNS) {
     const m = trimmed.match(rx);
     if (m) return { category: 'diagnostic', match: m[0] };
@@ -134,23 +174,32 @@ function classifyPrompt(prompt) {
   return { category: 'none' };
 }
 
+// Both 'diagnostic' AND 'locational' write the evidence marker. wf-1bcc67d5.
+const GATED_CATEGORIES = new Set(['diagnostic', 'locational']);
+
 /**
  * Apply classification — write or skip the marker. Fail-open.
+ *
+ * @returns {{ applied: boolean, category?: string, match?: string,
+ *             requiredEvidence?: number, nudge?: string, reason?: string }}
+ *   On a gated category, `nudge` is a short upfront reminder string the
+ *   UserPromptSubmit orchestrator can surface as additionalContext so the
+ *   model is told to Read BEFORE answering — not just re-prompted at Stop.
  */
 function applyClassification(prompt, config) {
   try {
     if (!isClassifierEnabled(config)) return { applied: false, reason: 'classifier-disabled' };
 
     const result = classifyPrompt(prompt);
-    if (result.category !== 'diagnostic') {
-      return { applied: false, category: result.category, reason: 'not-diagnostic' };
+    if (!GATED_CATEGORIES.has(result.category)) {
+      return { applied: false, category: result.category, reason: 'not-gated' };
     }
 
     const requiredEvidence = getRequiredEvidence(config);
     const payload = {
       version: 1,
       classifiedAt: new Date().toISOString(),
-      category: 'diagnostic',
+      category: result.category,
       match: result.match,
       requiredEvidence,
       attemptCount: 0
@@ -159,7 +208,12 @@ function applyClassification(prompt, config) {
     const tmp = `${getMarkerPath()}.tmp.${process.pid}.${Math.random().toString(36).slice(2, 8)}`;
     fs.writeFileSync(tmp, JSON.stringify(payload, null, 2));
     fs.renameSync(tmp, getMarkerPath());
-    return { applied: true, category: 'diagnostic', match: result.match, requiredEvidence };
+
+    const nudge = result.category === 'locational'
+      ? `[research-required] This is a project-specific locational question (matched "${result.match}"). Before answering, run Read/Grep/Glob against the actual codebase — do NOT answer from prior knowledge or industry defaults. Your answer MUST cite the file:line(s) you read. (wf-1bcc67d5: a confident model answering "where does X live" from memory, doubling down, is the exact failure this gate exists to stop.)`
+      : `[research-required] This is a diagnostic question (matched "${result.match}"). Read at least ${requiredEvidence} relevant evidence files before answering; cite them.`;
+
+    return { applied: true, category: result.category, match: result.match, requiredEvidence, nudge };
   } catch (err) {
     if (process.env.DEBUG) {
       console.error(`[research-required-classifier] applyClassification error (fail-open): ${err.message}`);
@@ -205,5 +259,7 @@ module.exports = {
   OVERRIDE_PREFIX,
   DIAGNOSTIC_PATTERNS,
   FACTUAL_PATTERNS,
-  COMMAND_PATTERNS
+  LOCATIONAL_PATTERNS,
+  COMMAND_PATTERNS,
+  GATED_CATEGORIES
 };

package/scripts/hooks/core/research-required-gate.js

@@ -196,23 +196,33 @@ function checkResearchRequiredGate(opts = {}) {
       };
     }
 
+    // wf-1bcc67d5: the marker now carries category 'diagnostic' OR 'locational'.
+    // For locational ("where does X live", "which file handles Y"), the message
+    // is sharper — answering from prior knowledge is the precise failure shape.
+    const isLocational = marker.category === 'locational';
+    const kind = isLocational ? 'project-specific locational question' : 'diagnostic question';
     return {
       blocked: true,
       hardStop: false,
       evidenceCount,
       requiredEvidence,
       message:
-        `RESEARCH-REQUIRED VIOLATION: the user asked a diagnostic question (matched "${marker.match}") ` +
+        `RESEARCH-REQUIRED VIOLATION: the user asked a ${kind} (matched "${marker.match}") ` +
         `but you produced an answer with only ${evidenceCount} evidence read${evidenceCount === 1 ? '' : 's'} ` +
         `(minimum required: ${requiredEvidence}).\n\n` +
+        (isLocational
+          ? `You answered "${kind === 'project-specific locational question' ? 'where/which/how X works in this project' : '...'}" WITHOUT opening a file. That is the exact failure wf-1bcc67d5 exists to stop: a confident model pattern-matching to industry defaults instead of checking THIS codebase, then doubling down. Do NOT answer from prior knowledge.\n\n`
+          : '') +
         `Re-do this turn:\n` +
-        `  1. Identify the relevant code/state files for the question.\n` +
-        `  2. Read at least ${requiredEvidence} of them via the Read tool. Bash with cat/head/grep/rg ` +
+        `  1. Identify the relevant code/state files for the question (grep first if you're not sure where).\n` +
+        `  2. Read at least ${requiredEvidence} of them via the Read tool. Bash with cat/head/grep/rg/Glob/Grep ` +
         `against evidence paths also counts.\n` +
-        `  3. THEN answer with citations (file:line where appropriate).\n\n` +
+        `  3. THEN answer — and the answer MUST cite the file:line(s) you actually read. An uncited answer to a ` +
+        `${kind} is not acceptable.\n\n` +
         `Evidence prefixes that count: .workflow/state/, .workflow/changes/, lib/, scripts/, src/, tests/, app/.\n\n` +
-        `If you genuinely don't know which files to read, ask the user via \`flow ask "<question>"\`.\n` +
-        `If you believe this is a factual question that doesn't need research, the user can prefix their ` +
+        `If you genuinely cannot find the relevant files after grepping, say so explicitly and ask the user via ` +
+        `\`flow ask "<question>"\` — do NOT guess.\n` +
+        `If this is genuinely a generic-knowledge question (not about this project), the user can prefix their ` +
         `next prompt with \`!\` to skip the gate.\n\n` +
         `Attempt ${next.attemptCount}/${maxAttempts}.`
     };

package/scripts/hooks/core/user-prompt-orchestrator.js

@@ -70,13 +70,19 @@ async function orchestrateUserPromptSubmit({ input, parsedInput }) {
     }
   }
 
-  // wf-5cd71b1f: Research-required classifier
+  // wf-5cd71b1f + wf-1bcc67d5: Research-required classifier. Now catches
+  // 'locational' (project-specific "where is X / which file / how does the
+  // X work") in addition to 'diagnostic'. Both write the evidence marker
+  // (Stop-hook backstop) AND surface an upfront nudge so the model is told
+  // to Read BEFORE answering — not just re-prompted after.
+  let researchRequiredNudge = null;
   if (typeof prompt === 'string' && prompt.trim().length > 0) {
     try {
       const { applyClassification: applyResearchClassification } = require('./research-required-classifier');
       const r = applyResearchClassification(prompt, hookConfig);
-      if (r.applied && process.env.DEBUG) {
-        console.error(`[Hook] Research-required classifier: category=${r.category}, match="${r.match}"`);
+      if (r.applied) {
+        if (r.nudge) researchRequiredNudge = r.nudge;
+        if (process.env.DEBUG) console.error(`[Hook] Research-required classifier: category=${r.category}, match="${r.match}"`);
       }
     } catch (err) {
       if (process.env.DEBUG) console.error(`[Hook] Research-required classifier failed: ${err.message}`);
@@ -168,6 +174,7 @@ async function orchestrateUserPromptSubmit({ input, parsedInput }) {
   }
 
   if (phasePrompt) coreResult = { ...coreResult, phasePrompt };
+  if (researchRequiredNudge) coreResult = { ...coreResult, researchRequiredNudge };
 
   // wf-d3e67abe — overdue workspace dispatches
   try {