wogiflow 2.4.2 → 2.4.3

package/scripts/flow-step-security.js

@@ -8,150 +8,140 @@
  */
 
 const { execSync } = require('node:child_process');
-const fs = require('node:fs');
-const path = require('node:path');
-const { getProjectRoot } = require('./flow-utils');
+const { BaseWorkflowStep } = require('./base-workflow-step');
+const { PATHS } = require('./flow-utils');
 const { CREDENTIAL_SCAN_PATTERNS } = require('./flow-security');
 
-const PROJECT_ROOT = getProjectRoot();
+class SecurityStep extends BaseWorkflowStep {
+  constructor() {
+    // Security step checks ALL file types (not just code), so use broad extensions
+    super('securityScan', {
+      extensions: ['.js', '.ts', '.jsx', '.tsx', '.py', '.go', '.rs', '.json', '.yml', '.yaml', '.env', '.sh'],
+      excludeTests: true,
+      excludeDts: true,
+    });
+  }
 
-/**
- * Run security scan as a workflow step
- *
- * @param {object} options
- * @param {string[]} options.files - Files modified
- * @param {object} options.stepConfig - Step configuration
- * @param {string} options.mode - Step mode (block/warn/prompt/auto)
- * @returns {object} - { passed: boolean, message: string, details?: object }
- */
-async function run(options = {}) {
-  const { files = [], stepConfig = {}, mode } = options;
-  const severity = stepConfig.severity || 'high';
-  const issues = [];
-
-  // 1. Check for secrets in modified files (using centralized patterns)
-  for (const file of files) {
-    const filePath = path.join(PROJECT_ROOT, file);
-    if (!fs.existsSync(filePath)) continue;
-
-    // Skip test files and config examples
-    if (file.includes('.test.') || file.includes('.spec.') || file.includes('.example')) {
-      continue;
-    }
+  // Override filterFiles for security-specific exclusions
+  filterFiles(files) {
+    return files.filter(f => !f.includes('.example'));
+  }
+
+  async execute(files, options) {
+    const { stepConfig = {} } = options;
+    const severity = stepConfig.severity || 'high';
+    const issues = [];
 
-    try {
-      const content = fs.readFileSync(filePath, 'utf8');
-      for (const { pattern, name } of CREDENTIAL_SCAN_PATTERNS) {
-        // Reset lastIndex for regex with /g flag
-        pattern.lastIndex = 0;
-        if (pattern.test(content)) {
-          issues.push({
-            type: 'secret',
-            severity: 'high',
-            file,
-            message: name || 'Potential secret or credential detected',
-          });
-          break; // One issue per file is enough
+    // 1. Check for secrets in modified files (using centralized patterns)
+    for (const file of files) {
+      const content = this.readFile(file);
+      if (!content) continue;
+
+      try {
+        for (const { pattern, name } of CREDENTIAL_SCAN_PATTERNS) {
+          pattern.lastIndex = 0;
+          if (pattern.test(content)) {
+            issues.push({
+              type: 'secret',
+              severity: 'high',
+              file,
+              message: name || 'Potential secret or credential detected',
+            });
+            break;
+          }
         }
+      } catch (_err) {
+        // Skip unreadable files
       }
-    } catch (err) {
-      // Skip unreadable files
     }
-  }
 
-  // 2. Run npm audit if package.json was modified
-  const packageModified = files.some(f => f.endsWith('package.json') || f.endsWith('package-lock.json'));
-
-  if (packageModified || stepConfig.alwaysAudit) {
-    try {
-      const auditResult = execSync('npm audit --json 2>/dev/null', {
-        cwd: PROJECT_ROOT,
-        encoding: 'utf8',
-        stdio: ['pipe', 'pipe', 'pipe'],
-      });
-
-      const audit = JSON.parse(auditResult);
-
-      if (audit.metadata && audit.metadata.vulnerabilities) {
-        const vulns = audit.metadata.vulnerabilities;
-
-        if (severity === 'critical' && vulns.critical > 0) {
-          issues.push({
-            type: 'npm_audit',
-            severity: 'critical',
-            message: `${vulns.critical} critical vulnerabilities found`,
-            count: vulns.critical,
-          });
-        } else if (severity === 'high' && (vulns.critical > 0 || vulns.high > 0)) {
-          const count = vulns.critical + vulns.high;
-          issues.push({
-            type: 'npm_audit',
-            severity: 'high',
-            message: `${count} high/critical vulnerabilities found`,
-            count,
-          });
-        } else if (severity === 'moderate') {
-          const count = vulns.critical + vulns.high + vulns.moderate;
-          if (count > 0) {
+    // 2. Run npm audit if package.json was modified
+    const packageModified = files.some(f => f.endsWith('package.json') || f.endsWith('package-lock.json'));
+
+    if (packageModified || stepConfig.alwaysAudit) {
+      try {
+        const auditResult = execSync('npm audit --json 2>/dev/null', {
+          cwd: PATHS.root,
+          encoding: 'utf8',
+          stdio: ['pipe', 'pipe', 'pipe'],
+        });
+
+        const audit = JSON.parse(auditResult);
+
+        if (audit.metadata && audit.metadata.vulnerabilities) {
+          const vulns = audit.metadata.vulnerabilities;
+
+          if (severity === 'critical' && vulns.critical > 0) {
             issues.push({
               type: 'npm_audit',
-              severity: 'moderate',
-              message: `${count} moderate+ vulnerabilities found`,
-              count,
+              severity: 'critical',
+              message: `${vulns.critical} critical vulnerabilities found`,
+              count: vulns.critical,
             });
-          }
-        }
-      }
-    } catch (err) {
-      // npm audit failed or returned non-zero
-      if (e.stdout) {
-        try {
-          const audit = JSON.parse(e.stdout);
-          if (audit.metadata && audit.metadata.vulnerabilities) {
-            const vulns = audit.metadata.vulnerabilities;
+          } else if (severity === 'high' && (vulns.critical > 0 || vulns.high > 0)) {
             const count = vulns.critical + vulns.high;
-            if (count > 0 && (severity === 'high' || severity === 'critical')) {
+            issues.push({
+              type: 'npm_audit',
+              severity: 'high',
+              message: `${count} high/critical vulnerabilities found`,
+              count,
+            });
+          } else if (severity === 'moderate') {
+            const count = vulns.critical + vulns.high + vulns.moderate;
+            if (count > 0) {
               issues.push({
                 type: 'npm_audit',
-                severity: 'high',
-                message: `${count} high/critical vulnerabilities`,
+                severity: 'moderate',
+                message: `${count} moderate+ vulnerabilities found`,
                 count,
               });
             }
           }
-        } catch (parseError) {
-          // Ignore parse errors
+        }
+      } catch (err) {
+        // npm audit failed or returned non-zero
+        if (err.stdout) {
+          try {
+            const audit = JSON.parse(err.stdout);
+            if (audit.metadata && audit.metadata.vulnerabilities) {
+              const vulns = audit.metadata.vulnerabilities;
+              const count = vulns.critical + vulns.high;
+              if (count > 0 && (severity === 'high' || severity === 'critical')) {
+                issues.push({
+                  type: 'npm_audit',
+                  severity: 'high',
+                  message: `${count} high/critical vulnerabilities`,
+                  count,
+                });
+              }
+            }
+          } catch (_parseError) {
+            // Ignore parse errors
+          }
         }
       }
     }
-  }
 
-  // 3. Evaluate results
-  if (issues.length === 0) {
-    return { passed: true, message: 'Security scan passed' };
-  }
+    // 3. Evaluate results
+    if (issues.length === 0) {
+      return this.pass('Security scan passed');
+    }
 
-  // Filter by severity for blocking
-  const blockingIssues = issues.filter(i => {
-    if (severity === 'critical') return i.severity === 'critical';
-    if (severity === 'high') return i.severity === 'high' || i.severity === 'critical';
-    return true;
-  });
-
-  if (blockingIssues.length > 0) {
-    return {
-      passed: false,
-      message: `${blockingIssues.length} security issue(s) found`,
-      details: blockingIssues,
-    };
-  }
+    // Filter by severity for blocking
+    const blockingIssues = issues.filter(i => {
+      if (severity === 'critical') return i.severity === 'critical';
+      if (severity === 'high') return i.severity === 'high' || i.severity === 'critical';
+      return true;
+    });
+
+    if (blockingIssues.length > 0) {
+      return this.fail(`${blockingIssues.length} security issue(s) found`, blockingIssues);
+    }
 
-  // Non-blocking issues
-  return {
-    passed: true,
-    message: `${issues.length} low-severity issue(s) found`,
-    details: issues,
-  };
+    // Non-blocking issues
+    return this.pass(`${issues.length} low-severity issue(s) found`);
+  }
 }
 
-module.exports = { run };
+const step = new SecurityStep();
+module.exports = { run: (opts) => step.run(opts) };

package/scripts/flow-step-silent-failures.js

@@ -11,86 +11,68 @@
  * - try-finally without catch
  */
 
-const fs = require('node:fs');
-const path = require('node:path');
-const { getProjectRoot, colors } = require('./flow-utils');
-
-const PROJECT_ROOT = getProjectRoot();
-
-/**
- * Run silent failure detection as a workflow step
- *
- * @param {object} options
- * @param {string[]} options.files - Files modified
- * @param {object} options.stepConfig - Step configuration
- * @param {string} options.mode - Step mode (block/warn/prompt/auto)
- * @returns {object} - { passed: boolean, message: string, details?: object[] }
- */
-async function run(options = {}) {
-  const { files = [], stepConfig = {} } = options;
-  const checkEmptyCatch = stepConfig.checkEmptyCatch !== false;
-  const checkLogOnlyCatch = stepConfig.checkLogOnlyCatch !== false;
-  const checkUnhandledAsync = stepConfig.checkUnhandledAsync !== false;
-  const checkPromiseChains = stepConfig.checkPromiseChains !== false;
-
-  // Filter to analyzable files
-  const analyzableExtensions = ['.js', '.ts', '.jsx', '.tsx'];
-  const analyzableFiles = files.filter(f =>
-    analyzableExtensions.some(ext => f.endsWith(ext)) &&
-    !f.includes('.test.') &&
-    !f.includes('.spec.') &&
-    !f.includes('.d.ts')
-  );
-
-  if (analyzableFiles.length === 0) {
-    return { passed: true, message: 'No files to analyze' };
+const { BaseWorkflowStep } = require('./base-workflow-step');
+const { colors } = require('./flow-utils');
+
+class SilentFailureStep extends BaseWorkflowStep {
+  constructor() {
+    super('silentFailureHunter', {
+      extensions: ['.js', '.ts', '.jsx', '.tsx'],
+      excludeTests: true,
+      excludeDts: true,
+    });
   }
 
-  const issues = [];
-
-  for (const file of analyzableFiles) {
-    const filePath = path.join(PROJECT_ROOT, file);
-    if (!fs.existsSync(filePath)) continue;
-
-    try {
-      const content = fs.readFileSync(filePath, 'utf8');
-      const fileIssues = analyzeForSilentFailures(content, file, {
-        checkEmptyCatch,
-        checkLogOnlyCatch,
-        checkUnhandledAsync,
-        checkPromiseChains,
-      });
-      issues.push(...fileIssues);
-    } catch (err) {
-      // Skip unreadable files
+  async execute(files, options) {
+    const { stepConfig = {} } = options;
+    const checkEmptyCatch = stepConfig.checkEmptyCatch !== false;
+    const checkLogOnlyCatch = stepConfig.checkLogOnlyCatch !== false;
+    const checkUnhandledAsync = stepConfig.checkUnhandledAsync !== false;
+    const checkPromiseChains = stepConfig.checkPromiseChains !== false;
+
+    const issues = [];
+
+    for (const file of files) {
+      const content = this.readFile(file);
+      if (!content) continue;
+
+      try {
+        const fileIssues = analyzeForSilentFailures(content, file, {
+          checkEmptyCatch,
+          checkLogOnlyCatch,
+          checkUnhandledAsync,
+          checkPromiseChains,
+        });
+        issues.push(...fileIssues);
+      } catch (_err) {
+        // Skip unreadable files
+      }
     }
-  }
 
-  if (issues.length === 0) {
-    return {
-      passed: true,
-      message: 'No silent failure patterns detected',
-    };
-  }
+    if (issues.length === 0) {
+      return this.pass('No silent failure patterns detected');
+    }
 
-  // Report issues
-  console.log(colors.yellow + '\n  Silent Failure Patterns Detected:' + colors.reset);
-  for (const issue of issues) {
-    const icon = issue.severity === 'high' ? '\u{1F534}' : '\u{1F7E1}';
-    console.log(`    ${icon} ${issue.file}:${issue.line}`);
-    console.log(`       ${issue.type}: ${issue.message}`);
-    if (issue.suggestion) {
-      console.log(colors.dim + `       \u{2192} ${issue.suggestion}` + colors.reset);
+    // Report issues
+    console.log(colors.yellow + '\n  Silent Failure Patterns Detected:' + colors.reset);
+    for (const issue of issues) {
+      const icon = issue.severity === 'high' ? '\u{1F534}' : '\u{1F7E1}';
+      console.log(`    ${icon} ${issue.file}:${issue.line}`);
+      console.log(`       ${issue.type}: ${issue.message}`);
+      if (issue.suggestion) {
+        console.log(colors.dim + `       \u{2192} ${issue.suggestion}` + colors.reset);
+      }
     }
-  }
 
-  const highSeverity = issues.filter(i => i.severity === 'high');
+    const highSeverity = issues.filter(i => i.severity === 'high');
 
-  return {
-    passed: highSeverity.length === 0,
-    message: `${issues.length} silent failure pattern(s) found (${highSeverity.length} high severity)`,
-    details: issues,
-  };
+    return highSeverity.length === 0
+      ? this.pass(`${issues.length} silent failure pattern(s) found (${highSeverity.length} high severity)`)
+      : this.fail(
+          `${issues.length} silent failure pattern(s) found (${highSeverity.length} high severity)`,
+          issues
+        );
+  }
 }
 
 /**
@@ -159,9 +141,7 @@ function analyzeForSilentFailures(content, fileName, config) {
 
     // Check for unhandled promise chains (config.checkPromiseChains)
     if (config.checkPromiseChains) {
-      // Look for .then() without .catch()
       if (/\.then\s*\(/.test(line) && !line.includes('.catch(') && !line.includes('await')) {
-        // Check if .catch() is on the next few lines
         const nextLines = lines.slice(i, i + 5).join(' ');
         if (!nextLines.includes('.catch(') && !nextLines.includes('.finally(')) {
           issues.push({
@@ -180,7 +160,6 @@ function analyzeForSilentFailures(content, fileName, config) {
     if (config.checkUnhandledAsync) {
       const asyncMatch = line.match(/async\s+(?:function\s+)?(\w+)?/);
       if (asyncMatch && !line.includes('test') && !line.includes('spec')) {
-        // Find the function body
         const funcStart = i;
         let funcBraceDepth = 0;
         let funcStarted = false;
@@ -195,10 +174,8 @@ function analyzeForSilentFailures(content, fileName, config) {
           if (funcStarted && funcBraceDepth === 0) break;
         }
 
-        // Check if function has await but no try-catch
         if (/\bawait\b/.test(funcContent) && !/\btry\s*\{/.test(funcContent)) {
           const funcName = asyncMatch[1] || 'anonymous';
-          // Don't flag if it's a short function (likely a wrapper)
           if (funcContent.split('\n').length > 5) {
             issues.push({
               file: fileName,
@@ -224,10 +201,8 @@ function analyzeCatchBlock(catchLines, startLine, fileName, config) {
   const issues = [];
   const catchBody = catchLines.join('\n').trim();
 
-  // Remove the closing brace if present
   const cleanBody = catchBody.replace(/\}\s*$/, '').trim();
 
-  // Check for empty catch block
   if (config.checkEmptyCatch && cleanBody.length === 0) {
     issues.push({
       file: fileName,
@@ -240,7 +215,6 @@ function analyzeCatchBlock(catchLines, startLine, fileName, config) {
     return issues;
   }
 
-  // Check for catch blocks that only log
   if (config.checkLogOnlyCatch) {
     const onlyLogging = /^(?:console\.(?:log|error|warn)|logger\.(?:log|error|warn|info))\s*\(/i.test(cleanBody);
     const hasOtherStatements = cleanBody.split(';').filter(s => {
@@ -260,7 +234,6 @@ function analyzeCatchBlock(catchLines, startLine, fileName, config) {
     }
   }
 
-  // Check for catch blocks that swallow specific errors
   if (/return\s*(?:null|undefined|false|''|""|``)/.test(cleanBody)) {
     issues.push({
       file: fileName,
@@ -272,7 +245,6 @@ function analyzeCatchBlock(catchLines, startLine, fileName, config) {
     });
   }
 
-  // Check for catch block with only a comment
   if (/^\/[/*]/.test(cleanBody) && cleanBody.split('\n').every(l => l.trim().startsWith('//') || l.trim().startsWith('*') || l.trim() === '')) {
     issues.push({
       file: fileName,
@@ -287,4 +259,5 @@ function analyzeCatchBlock(catchLines, startLine, fileName, config) {
   return issues;
 }
 
-module.exports = { run, analyzeForSilentFailures };
+const step = new SilentFailureStep();
+module.exports = { run: (opts) => step.run(opts), analyzeForSilentFailures };

package/scripts/flow-step-simplifier.js

@@ -11,85 +11,66 @@
  * Both can be enabled together for comprehensive analysis.
  */
 
-const fs = require('node:fs');
-const path = require('node:path');
-const { getProjectRoot, colors } = require('./flow-utils');
-
-const PROJECT_ROOT = getProjectRoot();
-
-/**
- * Run code simplifier analysis step
- *
- * @param {object} options
- * @param {string[]} options.files - Files modified
- * @param {object} options.stepConfig - Step configuration
- * @param {string} options.mode - Step mode (block/warn/prompt/auto)
- * @returns {object} - { passed: boolean, message: string, details?: object[] }
- */
-async function run(options = {}) {
-  const { files = [], stepConfig = {} } = options;
-  const maxFunctionLines = stepConfig.maxFunctionLines || 50;
-  const maxNestingDepth = stepConfig.maxNestingDepth || 3;
-  const suggestExtraction = stepConfig.suggestExtraction !== false;
-
-  // Filter to analyzable files
-  const analyzableExtensions = ['.js', '.ts', '.jsx', '.tsx'];
-  const analyzableFiles = files.filter(f =>
-    analyzableExtensions.some(ext => f.endsWith(ext)) &&
-    !f.includes('.test.') &&
-    !f.includes('.spec.') &&
-    !f.includes('.d.ts')
-  );
-
-  if (analyzableFiles.length === 0) {
-    return { passed: true, message: 'No analyzable files modified' };
+const { BaseWorkflowStep } = require('./base-workflow-step');
+const { colors } = require('./flow-utils');
+
+class SimplifierStep extends BaseWorkflowStep {
+  constructor() {
+    super('codeSimplifier', {
+      extensions: ['.js', '.ts', '.jsx', '.tsx'],
+      excludeTests: true,
+      excludeDts: true,
+    });
   }
 
-  const suggestions = [];
+  async execute(files, options) {
+    const { stepConfig = {} } = options;
+    const maxFunctionLines = stepConfig.maxFunctionLines || 50;
+    const maxNestingDepth = stepConfig.maxNestingDepth || 3;
+    const suggestExtraction = stepConfig.suggestExtraction !== false;
 
-  for (const file of analyzableFiles) {
-    const filePath = path.join(PROJECT_ROOT, file);
-    if (!fs.existsSync(filePath)) continue;
+    const suggestions = [];
 
-    try {
-      const content = fs.readFileSync(filePath, 'utf8');
-      const fileSuggestions = analyzeForSimplification(content, file, {
-        maxFunctionLines,
-        maxNestingDepth,
-        suggestExtraction,
-      });
-      suggestions.push(...fileSuggestions);
-    } catch (err) {
-      // Skip files that can't be analyzed
+    for (const file of files) {
+      const content = this.readFile(file);
+      if (!content) continue;
+
+      try {
+        const fileSuggestions = analyzeForSimplification(content, file, {
+          maxFunctionLines,
+          maxNestingDepth,
+          suggestExtraction,
+        });
+        suggestions.push(...fileSuggestions);
+      } catch (_err) {
+        // Skip files that can't be analyzed
+      }
     }
-  }
 
-  if (suggestions.length === 0) {
-    return {
-      passed: true,
-      message: 'No simplification suggestions',
-    };
-  }
+    if (suggestions.length === 0) {
+      return this.pass('No simplification suggestions');
+    }
 
-  // Report suggestions
-  console.log(colors.cyan + '\n  Code Simplification Suggestions:' + colors.reset);
-  for (const suggestion of suggestions) {
-    const icon = suggestion.severity === 'high' ? '\u{1F534}' : '\u{1F7E1}';
-    console.log(`    ${icon} ${suggestion.file}:${suggestion.line}`);
-    console.log(`       ${suggestion.type}: ${suggestion.message}`);
-    if (suggestion.suggestion) {
-      console.log(colors.dim + `       \u{2192} ${suggestion.suggestion}` + colors.reset);
+    // Report suggestions
+    console.log(colors.cyan + '\n  Code Simplification Suggestions:' + colors.reset);
+    for (const suggestion of suggestions) {
+      const icon = suggestion.severity === 'high' ? '\u{1F534}' : '\u{1F7E1}';
+      console.log(`    ${icon} ${suggestion.file}:${suggestion.line}`);
+      console.log(`       ${suggestion.type}: ${suggestion.message}`);
+      if (suggestion.suggestion) {
+        console.log(colors.dim + `       \u{2192} ${suggestion.suggestion}` + colors.reset);
+      }
     }
-  }
 
-  // Mode determines if this blocks
-  const highSeverity = suggestions.filter(s => s.severity === 'high');
+    const highSeverity = suggestions.filter(s => s.severity === 'high');
 
-  return {
-    passed: highSeverity.length === 0,
-    message: `${suggestions.length} simplification suggestion(s) (${highSeverity.length} high severity)`,
-    details: suggestions,
-  };
+    return highSeverity.length === 0
+      ? this.pass(`${suggestions.length} simplification suggestion(s) (${highSeverity.length} high severity)`)
+      : this.fail(
+          `${suggestions.length} simplification suggestion(s) (${highSeverity.length} high severity)`,
+          suggestions
+        );
+  }
 }
 
 /**
@@ -343,4 +324,5 @@ function findDuplicationPatterns(content, fileName) {
   return suggestions;
 }
 
-module.exports = { run, analyzeForSimplification };
+const step = new SimplifierStep();
+module.exports = { run: (opts) => step.run(opts), analyzeForSimplification };

package/scripts/flow-story.js

@@ -24,7 +24,7 @@ const {
   outputJson,
   withLock,
   safeJsonParse,
-  isPathWithinProject
+  isPathWithinProject, PATHS
 } = require('./flow-utils');
 const { success, warn, error, info, print, printHeader } = require('./flow-output');
 
@@ -39,11 +39,8 @@ try {
 // Import parallel execution detection
 const { findParallelizable, getParallelConfig } = require('./flow-parallel');
 
-const PROJECT_ROOT = getProjectRoot();
-const WORKFLOW_DIR = path.join(PROJECT_ROOT, '.workflow');
-const CHANGES_DIR = path.join(WORKFLOW_DIR, 'changes');
-const STATE_DIR = path.join(WORKFLOW_DIR, 'state');
-const READY_PATH = path.join(STATE_DIR, 'ready.json');
+const CHANGES_DIR = PATHS.changes;
+const READY_PATH = PATHS.ready;
 
 function log(color, ...args) {
   console.log(colors[color] + args.join(' ') + colors.reset);
@@ -335,7 +332,7 @@ async function createStory(title, options = {}) {
     targetDir = path.join(CHANGES_DIR, featureFolder);
 
     // Security: Validate path is within project (defense against path traversal)
-    if (!isPathWithinProject(targetDir, PROJECT_ROOT)) {
+    if (!isPathWithinProject(targetDir, PATHS.root)) {
       throw new Error(`Security: Target directory "${targetDir}" is outside project root`);
     }
 

package/scripts/flow-strict-adherence.js

@@ -27,16 +27,15 @@ const {
   warn,
   error,
   info,
-  success
+  success, PATHS
 } = require('./flow-utils');
 
 // ============================================================
 // Constants
 // ============================================================
 
-const PROJECT_ROOT = getProjectRoot();
-const STANDARDS_PATH = path.join(PROJECT_ROOT, '.workflow/state/project-standards.json');
-const OVERRIDES_PATH = path.join(PROJECT_ROOT, '.workflow/state/adherence-overrides.json');
+const STANDARDS_PATH = path.join(PATHS.root, '.workflow/state/project-standards.json');
+const OVERRIDES_PATH = path.join(PATHS.root, '.workflow/state/adherence-overrides.json');
 
 // Escape special regex characters for safe dynamic regex construction
 function escapeRegExp(string) {