wogiflow 2.6.4 → 2.7.1

package/lib/workspace-routing.js

@@ -221,8 +221,8 @@ After completing the task:
 
     agentConfig: {
       description: `${repoName}: ${task.substring(0, 50)}...`,
-      // The sub-agent should work within the repo directory
-      // The orchestrator (workspace manager) will read results after completion
+      // Named subagent (2.1.88+): shows in @ mention typeahead as @repoName
+      name: repoName
     }
   };
 }
@@ -364,6 +364,7 @@ Your job:
 Be specific about file names, line numbers, and error messages.`,
       agentConfig: {
         description: `Investigate: ${name} — ${bugDescription.substring(0, 40)}...`,
+        name: `${name}-investigator`,
         model: 'sonnet' // Use cheaper model for investigation
       }
     });
@@ -479,6 +480,146 @@ function getExecutionOrder(manifest, targetRepos) {
   return order;
 }
 
+// ============================================================
+// Cross-Repo Dependency-Aware Task Blocking
+// ============================================================
+
+/**
+ * Block consumer-side tasks until their provider dependencies are complete.
+ * Reads workspace-level ready.json and each member's ready.json to find
+ * cross-repo dependencies.
+ *
+ * @param {string} workspaceRoot
+ * @param {Object} manifest
+ * @returns {{ blockedTasks: Array<Object>, unblockedTasks: Array<Object> }}
+ */
+function updateCrossRepoBlocking(workspaceRoot, manifest) {
+  const configPath = path.join(workspaceRoot, 'wogi-workspace.json');
+  let config;
+  try {
+    config = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
+  } catch (_err) {
+    return { blockedTasks: [], unblockedTasks: [] };
+  }
+
+  const blockedTasks = [];
+  const unblockedTasks = [];
+  const memberTasks = {};
+
+  // Collect all tasks from all member repos
+  for (const [name, memberConfig] of Object.entries(config.members || {})) {
+    const memberPath = path.resolve(workspaceRoot, memberConfig.path);
+    const readyPath = path.join(memberPath, '.workflow', 'state', 'ready.json');
+    try {
+      if (fs.existsSync(readyPath)) {
+        const ready = JSON.parse(fs.readFileSync(readyPath, 'utf-8'));
+        memberTasks[name] = {
+          path: memberPath,
+          readyPath,
+          ready,
+          inProgress: ready.inProgress || [],
+          readyItems: ready.ready || [],
+          completed: ready.recentlyCompleted || []
+        };
+      }
+    } catch (_err) {
+      // Skip
+    }
+  }
+
+  // For each member's ready tasks, check if they depend on workspace tasks
+  const executionOrder = getExecutionOrder(manifest, Object.keys(config.members));
+
+  for (const [name, data] of Object.entries(memberTasks)) {
+    const memberPhase = executionOrder.find(o => o.name === name);
+    if (!memberPhase) continue;
+
+    for (const task of data.readyItems) {
+      // Check if this task has workspace source and blockedBy
+      if (!task.source?.startsWith('workspace:')) continue;
+
+      const blockedBy = task.blockedBy || [];
+      let isBlocked = false;
+
+      for (const depId of blockedBy) {
+        // Check if the blocking task is completed in any member
+        let depCompleted = false;
+        for (const [depName, depData] of Object.entries(memberTasks)) {
+          if (depData.completed.some(t => t.id === depId)) {
+            depCompleted = true;
+            break;
+          }
+        }
+
+        if (!depCompleted) {
+          isBlocked = true;
+          break;
+        }
+      }
+
+      if (isBlocked) {
+        blockedTasks.push({ repo: name, task, blockedBy });
+      } else if (blockedBy.length > 0) {
+        unblockedTasks.push({ repo: name, task });
+      }
+    }
+  }
+
+  return { blockedTasks, unblockedTasks };
+}
+
+/**
+ * Build a visual dependency tree for workspace tasks.
+ *
+ * @param {string} workspaceRoot
+ * @param {Object} manifest
+ * @returns {string} formatted tree
+ */
+function formatDependencyTree(workspaceRoot, manifest) {
+  const configPath = path.join(workspaceRoot, 'wogi-workspace.json');
+  let config;
+  try {
+    config = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
+  } catch (_err) {
+    return 'No workspace config found.';
+  }
+
+  const lines = ['Workspace Task Dependencies:'];
+  const order = getExecutionOrder(manifest, Object.keys(config.members || {}));
+
+  for (const entry of order) {
+    const memberConfig = config.members[entry.name];
+    if (!memberConfig) continue;
+
+    const memberPath = path.resolve(workspaceRoot, memberConfig.path);
+    const readyPath = path.join(memberPath, '.workflow', 'state', 'ready.json');
+
+    try {
+      if (!fs.existsSync(readyPath)) continue;
+      const ready = JSON.parse(fs.readFileSync(readyPath, 'utf-8'));
+      const wsTasks = [...(ready.inProgress || []), ...(ready.ready || []), ...(ready.blocked || [])]
+        .filter(t => t.source?.startsWith('workspace:'));
+
+      if (wsTasks.length === 0) continue;
+
+      lines.push(`\n  ${entry.name} (${entry.role}, phase ${entry.order}):`);
+      for (const task of wsTasks) {
+        const status = task.status === 'completed' ? '\u2713' :
+          (ready.inProgress || []).some(t => t.id === task.id) ? '\u25B6' :
+            task.blockedBy?.length ? '\u2718' : '\u25CB';
+        const blockedNote = task.blockedBy?.length
+          ? ` [blocked by: ${task.blockedBy.join(', ')}]`
+          : '';
+        lines.push(`    ${status} ${task.id} — ${task.title}${blockedNote}`);
+      }
+    } catch (_err) {
+      // Skip
+    }
+  }
+
+  return lines.join('\n');
+}
+
 // ============================================================
 // Channel-Based Dispatch (wf-d4b98f60)
 // ============================================================
@@ -772,6 +913,10 @@ module.exports = {
   // Ordering
   getExecutionOrder,
 
+  // Cross-repo blocking
+  updateCrossRepoBlocking,
+  formatDependencyTree,
+
   // Channel dispatch
   dispatchToChannel,
   dispatchCrossRepoPlan,

package/lib/workspace.js

@@ -637,6 +637,14 @@ ${Object.entries(config.channels?.members || {}).map(([name, ch]) =>
 \`\`\`
 Then read responses from \`.workspace/messages/\` and synthesize findings.
 
+## Named Workspace Agents (Claude Code 2.1.88+)
+
+Workers are named subagents — they appear in the @ mention typeahead. Users can address them directly:
+${Object.keys(config.channels?.members || {}).map(name => `- **@${name}** — the ${name} repo worker`).join('\n')}
+${Object.keys(config.channels?.members || {}).map(name => `- **@${name}-investigator** — investigation agent for ${name}`).join('\n')}
+
+When spawning agents for delegation, always include the \`name\` field in the Agent config to enable @mention addressing.
+
 ## Waiting for Worker Results (CRITICAL — Automatic Return Path)
 
 Workers **automatically write results** to \`.workspace/messages/\` when they complete a task. You do NOT need to ask them to report back — the task-completed hook writes a \`task-complete\` message automatically.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wogiflow",
-  "version": "2.6.4",
+  "version": "2.7.1",
   "description": "AI-powered development workflow management system with multi-model support",
   "main": "lib/index.js",
   "bin": {

package/scripts/flow-done-gates.js

@@ -57,6 +57,19 @@ function getRegistryManager() {
   return _registryManagerModule;
 }
 
+// Workspace gates — lazy-loaded (only active when workspace mode is detected)
+let _workspaceGatesModule = undefined;
+function getWorkspaceGates() {
+  if (_workspaceGatesModule === undefined) {
+    try {
+      _workspaceGatesModule = require('../lib/workspace-gates');
+    } catch (_err) {
+      _workspaceGatesModule = null;
+    }
+  }
+  return _workspaceGatesModule;
+}
+
 // ============================================================
 // Gate Handlers
 // ============================================================
@@ -717,6 +730,60 @@ function unknownGate(ctx, gateName) {
 // Gate Registry
 // ============================================================
 
+// ============================================================
+// Workspace Quality Gates (conditional — only when workspace active)
+// ============================================================
+
+/**
+ * Workspace gate handler. Delegates to workspace-gates.js for each
+ * sub-gate (crossRepoImpactCheck, contractCompliance, peerNotification,
+ * cascadeVerification, integrationMapFreshness).
+ *
+ * This is a single gate entry in GATE_REGISTRY that runs all applicable
+ * workspace sub-gates based on task type.
+ */
+function workspaceGate(ctx, gateName) {
+  const wsGates = getWorkspaceGates();
+  if (!wsGates) {
+    return { passed: true, skipped: true };
+  }
+
+  const ws = wsGates.workspaceActive();
+  if (!ws.active) {
+    return { passed: true, skipped: true };
+  }
+
+  const context = wsGates.loadWorkspaceContext(ws.root);
+  const taskMeta = {
+    taskId: ctx.taskId,
+    taskTitle: ctx.taskTitle || '',
+    taskType: ctx.normalizedType || 'feature',
+    impactAssessed: ctx.impactAssessed || false
+  };
+
+  const results = wsGates.runAllWorkspaceGates(ws.root, context, taskMeta);
+
+  // Display results
+  for (const r of results.results) {
+    if (r.passed) {
+      ctx.success(`workspace/${r.gate}: ${r.message}`);
+    } else if (r.severity === 'warning') {
+      console.log(`  ${ctx.color('yellow', '\u25CB')} workspace/${r.gate}: ${r.message}`);
+    } else {
+      ctx.error(`workspace/${r.gate}: ${r.message}`);
+    }
+  }
+
+  if (!results.passed) {
+    return {
+      passed: false,
+      errorOutput: `${results.errors} workspace gate(s) failed, ${results.warnings} warning(s)`
+    };
+  }
+
+  return { passed: true };
+}
+
 const GATE_REGISTRY = {
   tests: testsGate,
   lint: lintGate,
@@ -737,6 +804,8 @@ const GATE_REGISTRY = {
   uiVerification: verificationGate,
   apiVerification: verificationGate,
   testDiscovery: testDiscoveryGate,
+  // Workspace gates (conditional — auto-skip when not in workspace)
+  workspaceCompliance: workspaceGate,
 };
 
 /**
@@ -782,5 +851,6 @@ module.exports = {
   generatedTestsPassGate,
   verificationGate,
   testDiscoveryGate,
+  workspaceGate,
   unknownGate,
 };

package/scripts/hooks/entry/claude-code/permission-denied.js

@@ -0,0 +1,111 @@
+#!/usr/bin/env node
+
+/**
+ * Wogi Flow - Claude Code PermissionDenied Hook
+ *
+ * Fires after auto-mode classifier denies a tool use.
+ * Available in Claude Code 2.1.88+.
+ *
+ * Handles:
+ * 1. Logging — tracks denied permissions for diagnostics
+ * 2. Workspace redirect — when a worker tries to access a file in another
+ *    repo, redirect via the workspace message bus instead of retrying
+ * 3. Guidance — provides actionable hints about what to do instead
+ *
+ * Return { retry: true } to tell the model it can retry the operation.
+ * Return { retry: false } (or nothing) to accept the denial.
+ */
+
+'use strict';
+
+const path = require('node:path');
+const { runHook } = require('../shared/hook-runner');
+
+runHook('PermissionDenied', async ({ input, parsedInput }) => {
+  const toolName = parsedInput.toolName || input.tool_name || 'unknown';
+  const toolInput = parsedInput.toolInput || input.tool_input || {};
+  const filePath = toolInput.file_path || toolInput.command || '';
+  const reason = input.denial_reason || input.reason || '';
+
+  // ── 1. Log the denial for diagnostics ──────────────────────
+  try {
+    const fs = require('node:fs');
+    const { PATHS } = require('../../../flow-utils');
+    const logPath = path.join(PATHS.state, 'permission-denials.json');
+
+    let denials = [];
+    try {
+      if (fs.existsSync(logPath)) {
+        denials = JSON.parse(fs.readFileSync(logPath, 'utf-8'));
+        if (!Array.isArray(denials)) denials = [];
+      }
+    } catch (_err) {
+      denials = [];
+    }
+
+    denials.push({
+      tool: toolName,
+      target: typeof filePath === 'string' ? filePath.substring(0, 200) : '',
+      reason: typeof reason === 'string' ? reason.substring(0, 200) : '',
+      timestamp: new Date().toISOString()
+    });
+
+    // Keep last 100 denials
+    if (denials.length > 100) denials = denials.slice(-100);
+
+    fs.mkdirSync(path.dirname(logPath), { recursive: true });
+    fs.writeFileSync(logPath, JSON.stringify(denials, null, 2));
+  } catch (_err) {
+    // Non-critical — don't let logging failure break the hook
+  }
+
+  // ── 2. Workspace redirect — cross-repo file access ─────────
+  // When a worker tries to read/write a file that belongs to another repo,
+  // redirect them to use the workspace message bus instead.
+  const isWorkspace = !!process.env.WOGI_WORKSPACE_ROOT;
+  const repoName = process.env.WOGI_REPO_NAME || '';
+
+  if (isWorkspace && typeof filePath === 'string' && filePath.length > 0) {
+    const workspaceRoot = process.env.WOGI_WORKSPACE_ROOT;
+
+    // Check if the denied path is inside the workspace but outside this repo
+    try {
+      const resolvedFile = path.resolve(filePath);
+      const resolvedRoot = path.resolve(workspaceRoot);
+      const isInsideWorkspace = resolvedFile.startsWith(resolvedRoot + path.sep);
+      const cwd = process.cwd();
+      const isOutsideOwnRepo = !resolvedFile.startsWith(cwd + path.sep) && resolvedFile !== cwd;
+
+      if (isInsideWorkspace && isOutsideOwnRepo) {
+        // This is a cross-repo access attempt — redirect to message bus
+        // Extract the target repo name from the path
+        const relPath = resolvedFile.substring(resolvedRoot.length + 1);
+        const targetRepo = relPath.split(path.sep)[0] || 'unknown';
+
+        const guidance = [
+          `Cross-repo file access denied: ${toolName} on ${path.basename(filePath)}`,
+          `Target repo: ${targetRepo} (you are: ${repoName})`,
+          '',
+          'In workspace mode, repos cannot directly access each other\'s files.',
+          `Use workspace_send_message(to: "${targetRepo}", message: "...") to ask the other repo\'s worker.`,
+          `Or use workspace_send_message(to: "manager", message: "...") to escalate to the manager.`
+        ].join('\n');
+
+        return {
+          __raw: true,
+          retry: false,
+          message: guidance
+        };
+      }
+    } catch (_err) {
+      // Path resolution failed — fall through to default handling
+    }
+  }
+
+  // ── 3. Default handling — accept denial with guidance ──────
+  // For non-workspace denials, just accept and let the model know
+  return {
+    __raw: true,
+    retry: false
+  };
+}, { failMode: 'silent' });

package/scripts/postinstall.js

@@ -269,6 +269,8 @@ const HOOK_VERSION_MAP = {
   PostCompact: { major: 2, minor: 1, patch: 76 },
   // Hooks added in 2.1.84+
   TaskCreated: { major: 2, minor: 1, patch: 84 },
+  // Hooks added in 2.1.88+
+  PermissionDenied: { major: 2, minor: 1, patch: 88 },
 };
 
 /**
@@ -310,7 +312,26 @@ function versionMeetsMinimum(version, minimum) {
  * @returns {string[]} List of removed hook names
  */
 function stripUnsupportedHooks(settings, ccVersion) {
-  if (!settings || !settings.hooks || !ccVersion) return [];
+  if (!settings || !settings.hooks) return [];
+
+  // CRITICAL: When CC version is unknown, strip ALL hooks added after the base set (2.1.23).
+  // CC rejects the ENTIRE settings file if it encounters an unknown hook event name —
+  // this means one unsupported hook kills ALL hooks. Fail-safe: keep only the base set.
+  const BASE_HOOKS = new Set([
+    'SessionStart', 'UserPromptSubmit', 'PreToolUse', 'PostToolUse',
+    'Stop', 'SessionEnd', 'TaskCompleted'
+  ]);
+
+  if (!ccVersion) {
+    const removed = [];
+    for (const hookName of Object.keys(settings.hooks)) {
+      if (!BASE_HOOKS.has(hookName)) {
+        delete settings.hooks[hookName];
+        removed.push(`${hookName} (CC version unknown — keeping base hooks only)`);
+      }
+    }
+    return removed;
+  }
 
   const removed = [];
   for (const hookName of Object.keys(settings.hooks)) {
@@ -323,6 +344,39 @@ function stripUnsupportedHooks(settings, ccVersion) {
   return removed;
 }
 
+/**
+ * Dynamically inject hooks that are NOT in the base settings.json but are
+ * supported by the detected Claude Code version. These hooks are intentionally
+ * excluded from the committed settings.json because CC rejects the ENTIRE file
+ * when it encounters an unknown hook event name.
+ *
+ * @param {Object} settings - Parsed settings object (mutated in place)
+ * @param {{ major: number, minor: number, patch: number }} ccVersion
+ */
+function injectDynamicHooks(settings, ccVersion) {
+  if (!settings || !settings.hooks) return;
+
+  // Map of hooks to inject with their minimum version and command
+  const DYNAMIC_HOOKS = [
+    {
+      name: 'TaskCreated',
+      minVersion: { major: 2, minor: 1, patch: 84 },
+      config: [{ hooks: [{ type: 'command', command: 'node scripts/hooks/entry/claude-code/task-created.js', timeout: 5 }] }]
+    },
+    {
+      name: 'PermissionDenied',
+      minVersion: { major: 2, minor: 1, patch: 88 },
+      config: [{ hooks: [{ type: 'command', command: 'node scripts/hooks/entry/claude-code/permission-denied.js', timeout: 5 }] }]
+    }
+  ];
+
+  for (const hook of DYNAMIC_HOOKS) {
+    if (!settings.hooks[hook.name] && versionMeetsMinimum(ccVersion, hook.minVersion)) {
+      settings.hooks[hook.name] = hook.config;
+    }
+  }
+}
+
 /**
  * Rewrite hook command paths from local dev paths to package paths.
  * The package's settings.json uses local paths (node scripts/hooks/...)
@@ -404,12 +458,20 @@ function copyClaudeResources() {
         const ccVersion = detectClaudeCodeVersion();
         const removedHooks = stripUnsupportedHooks(ours, ccVersion);
         if (removedHooks.length > 0) {
-          console.log(`[wogiflow] Claude Code ${ccVersion.major}.${ccVersion.minor}.${ccVersion.patch} detected. Excluded unsupported hooks:`);
+          const versionStr = ccVersion ? `${ccVersion.major}.${ccVersion.minor}.${ccVersion.patch}` : 'unknown';
+          console.log(`[wogiflow] Claude Code ${versionStr} detected. Excluded unsupported hooks:`);
           for (const h of removedHooks) {
             console.log(`  - ${h}`);
           }
           console.log('[wogiflow] Update Claude Code for full functionality: npm i -g @anthropic-ai/claude-code@latest');
         }
+
+        // Dynamically inject hooks supported by this CC version but not in the base settings.json.
+        // These hooks are NOT committed to the repo to avoid breaking older CC versions.
+        if (ccVersion) {
+          injectDynamicHooks(ours, ccVersion);
+        }
+
         // Always update hooks (core WogiFlow functionality)
         existing.hooks = ours.hooks;
         existing._wogiFlowManaged = true;

package/.claude/rules/_internal/README.md

@@ -1,64 +0,0 @@
----
-alwaysApply: false
-description: "Meta-documentation about how project rules are organized"
----
-# Project Rules
-
-This directory contains coding rules and patterns for this project, organized by category.
-
-## Structure
-
-```
-.claude/rules/
-├── code-style/           # Naming conventions, formatting
-│   └── naming-conventions.md
-├── security/             # Security patterns and practices
-│   └── security-patterns.md
-├── architecture/         # Design decisions and patterns
-│   ├── component-reuse.md
-│   └── model-management.md
-└── README.md
-```
-
-## How Rules Work
-
-Rules are automatically loaded by Claude Code based on:
-- **alwaysApply: true** - Rule is always loaded
-- **alwaysApply: false** - Rule is loaded based on `globs` or `description` relevance
-- **globs** - File patterns that trigger rule loading
-
-## Adding New Rules
-
-1. Choose the appropriate category subdirectory
-2. Create a `.md` file with frontmatter:
-
-```yaml
----
-alwaysApply: false
-description: "Brief description for relevance matching"
-globs: src/**/*.ts  # Optional: only load for these files
----
-```
-
-3. Write the rule content in markdown
-
-## Categories
-
-| Category | Purpose |
-|----------|---------|
-| code-style | Naming conventions, formatting, file structure |
-| security | Security patterns, input validation, safe practices |
-| architecture | Design decisions, component patterns, system organization |
-
-## Auto-Generation
-
-Some rules can be auto-generated from `.workflow/state/decisions.md`:
-
-```bash
-node scripts/flow-rules-sync.js
-```
-
-The sync script will route rules to appropriate category subdirectories.
-
----
-Last updated: 2026-01-12

package/.claude/rules/_internal/document-structure.md

@@ -1,77 +0,0 @@
----
-alwaysApply: false
-description: "All AI-context documents must use PIN markers for targeted context loading"
-globs: ".workflow/**/*.md"
----
-
-# Document Structure for AI Context
-
-All documents in `.workflow/` that are used as AI context MUST follow the PIN standard.
-
-## Required Structure
-
-### 1. Header with PIN List
-Every document starts with a comment listing all pins in the document:
-```markdown
-<!-- PINS: pin1, pin2, pin3 -->
-```
-
-### 2. Section PIN Markers
-Each major section has a PIN marker comment:
-```markdown
-### Section Title
-<!-- PIN: section-specific-pin -->
-[Content]
-```
-
-### 3. PIN Naming Convention
-- Use kebab-case: `user-authentication`, not `userAuthentication`
-- Use semantic names: `error-handling`, not `eh`
-- Use compound names for specificity: `json-parse-safety`
-
-## Why PINs Matter
-
-The PIN system enables:
-1. **Targeted context loading**: Only load sections relevant to current task
-2. **Cheaper model routing**: Haiku can fetch only relevant sections for Opus
-3. **Change detection**: Hash sections independently for smart invalidation
-4. **Cross-reference**: Link sections by PIN across documents
-
-## Example Document
-
-```markdown
-# Config Reference
-
-<!-- PINS: database, authentication, api-keys, environment -->
-
-## Database Settings
-<!-- PIN: database -->
-| Setting | Default | Description |
-|---------|---------|-------------|
-
-## Authentication
-<!-- PIN: authentication -->
-| Setting | Default | Description |
-|---------|---------|-------------|
-```
-
-## Parsing
-
-The PIN system automatically parses documents with:
-- `flow-section-index.js` - Generates section index with pins
-- `flow-section-resolver.js` - Resolves sections by PIN lookup
-- `getSectionsByPins(['auth', 'security'])` - Fetch only relevant sections
-
-## Files That Must Have PINs
-
-| File | Required PINs |
-|------|---------------|
-| `decisions.md` | Per coding rule/pattern |
-| `app-map.md` | Per component/screen |
-| `product.md` | Per product section |
-| `stack.md` | Per technology |
-
-## Validation
-
-Run `node scripts/flow-section-index.js --force` to regenerate the index.
-Check `.workflow/state/section-index.json` for indexed sections and their pins.