wogiflow 2.7.1 → 2.9.0

package/scripts/flow-config-defaults.js

@@ -161,6 +161,7 @@ const RESEARCH_TRIGGERS = {
 const CONFIG_DEFAULTS = {
   // --- Core ---
   version: '2.0.0',
+  _configVersion: 2, // Tracks config schema version for migrations (see flow-config-migrate.js)
   projectName: '',
   cli: {
     type: 'claude-code',
@@ -172,6 +173,7 @@ const CONFIG_DEFAULTS = {
   enforcement: {
     strictMode: true,
     requireTaskForImplementation: true,
+    requireGateLatch: true, // Gate latch: quality gates must pass before TaskCompleted allows completion
     requirePatternCitation: false,
     citationFormat: '// Pattern: {pattern}',
     blockAutoTask: true,
@@ -300,11 +302,11 @@ const CONFIG_DEFAULTS = {
   qualityGates: {
     preTaskBaseline: { enabled: false },
     feature: {
-      require: ['loopComplete', 'tests', 'generatedTestsPass', 'uiVerification', 'apiVerification', 'registryUpdate', 'requestLogEntry', 'integrationWiring', 'standardsCompliance'],
+      require: ['loopComplete', 'tests', 'generatedTestsPass', 'uiVerification', 'apiVerification', 'verificationProof', 'registryUpdate', 'requestLogEntry', 'integrationWiring', 'standardsCompliance'],
       optional: ['review', 'docs', 'webmcpVerification']
     },
     bugfix: {
-      require: ['loopComplete', 'tests', 'generatedTestsPass', 'requestLogEntry', 'standardsCompliance'],
+      require: ['loopComplete', 'tests', 'generatedTestsPass', 'verificationProof', 'requestLogEntry', 'standardsCompliance'],
       optional: ['learningEnforcement', 'resolutionPopulated', 'review', 'webmcpVerification']
     },
     refactor: {
@@ -327,7 +329,7 @@ const CONFIG_DEFAULTS = {
 
   // --- Standards & Compliance ---
   standardsCompliance: {
-    enabled: false,
+    enabled: true,
     mode: 'block',
     scopeByTaskType: true,
     alwaysCheck: ['naming', 'security'],
@@ -337,6 +339,27 @@ const CONFIG_DEFAULTS = {
   checkpoint: { enabled: false },
   regressionTesting: { enabled: false },
 
+  // --- Runtime Verification (CC 2.1.89+ enforcement) ---
+  // Ensures agents actually test their work before marking done.
+  // Without this, agents claim "done" based on static evidence only.
+  runtimeVerification: {
+    enabled: true,
+    autoGenerateTests: true,
+    blockOnFailure: true,
+    frontend: {
+      method: 'webmcp',
+      fallback: ['playwright', 'checklist'],
+      devServerUrl: 'http://localhost:5173'
+    },
+    backend: {
+      method: 'api-test',
+      fallback: ['curl', 'checklist'],
+      baseUrl: 'http://localhost:3000'
+    },
+    testOutput: 'tests/verification',
+    persistTests: true
+  },
+
   // --- Detection (Project Type Awareness) ---
   detection: {
     _comment: "Weighted scoring for project type detection. Overrides take precedence over scoring.",
@@ -402,7 +425,7 @@ const CONFIG_DEFAULTS = {
     threshold: 30,
     allRegistries: true,
     aiAsJudge: true,
-    blockOnSimilar: false,
+    blockOnSimilar: true,
     injectContext: true,
     preferVariants: true,
     requireAppMapEntry: true,

package/scripts/flow-config-migrate.js

@@ -0,0 +1,270 @@
+#!/usr/bin/env node
+
+/**
+ * Wogi Flow - Config Migration
+ *
+ * Migrates existing config.json files when defaults change between versions.
+ * Without this, users who update WogiFlow keep stale defaults forever because
+ * deepMerge(defaults, userConfig) lets user values win — even when those
+ * values are outdated defaults from a previous version.
+ *
+ * Migration strategy:
+ * - Each migration has a version number (_configVersion)
+ * - Migrations run in order from current version to latest
+ * - Only keys that still match the OLD default are upgraded
+ *   (user-customized values are preserved)
+ * - _configVersion is written to config.json after migration
+ *
+ * Called from postinstall.js on every npm install/update.
+ */
+
+const fs = require('node:fs');
+const path = require('node:path');
+
+/** Current config version — increment when adding new migrations */
+const CURRENT_CONFIG_VERSION = 2;
+
+/**
+ * Migration definitions. Each migration specifies:
+ * - version: the target _configVersion after this migration
+ * - description: human-readable description
+ * - migrate(config): function that modifies config in place
+ *
+ * IMPORTANT: Migrations must be SAFE for all users:
+ * - Only upgrade keys that match the OLD default value
+ * - Never overwrite user-customized values
+ * - Use ensureKey() for additive changes (new keys)
+ * - Use upgradeDefault() for changed defaults (old → new)
+ */
+const MIGRATIONS = [
+  {
+    version: 2,
+    description: 'Enforcement defaults: enable standards, reuse blocking, verification proof gate, runtime verification config, gate latch',
+    migrate(config) {
+      // --- Standards compliance: false → true ---
+      upgradeDefault(config, 'standardsCompliance.enabled', false, true);
+
+      // --- Component reuse: blockOnSimilar false → true ---
+      upgradeDefault(config, 'componentReuse.blockOnSimilar', false, true);
+
+      // --- Add runtimeVerification config (new key) ---
+      ensureKey(config, 'runtimeVerification', {
+        enabled: true,
+        autoGenerateTests: true,
+        blockOnFailure: true,
+        frontend: {
+          method: 'webmcp',
+          fallback: ['playwright', 'checklist'],
+          devServerUrl: 'http://localhost:5173'
+        },
+        backend: {
+          method: 'api-test',
+          fallback: ['curl', 'checklist'],
+          baseUrl: 'http://localhost:3000'
+        },
+        testOutput: 'tests/verification',
+        persistTests: true
+      });
+
+      // --- Add enforcement.requireGateLatch (new key) ---
+      ensureKey(config, 'enforcement.requireGateLatch', true);
+
+      // --- Add verificationProof to quality gates ---
+      addToGateList(config, 'feature', 'verificationProof');
+      addToGateList(config, 'bugfix', 'verificationProof');
+    }
+  }
+];
+
+// ============================================================
+// Migration Helpers
+// ============================================================
+
+/**
+ * Get a nested value from an object using dot notation.
+ * @param {Object} obj
+ * @param {string} path - e.g., 'standardsCompliance.enabled'
+ * @returns {*} The value, or undefined if not found
+ */
+function getNestedValue(obj, dotPath) {
+  const parts = dotPath.split('.');
+  let current = obj;
+  for (const part of parts) {
+    if (current == null || typeof current !== 'object') return undefined;
+    current = current[part];
+  }
+  return current;
+}
+
+/**
+ * Set a nested value on an object using dot notation.
+ * Creates intermediate objects if needed.
+ * @param {Object} obj
+ * @param {string} dotPath
+ * @param {*} value
+ */
+function setNestedValue(obj, dotPath, value) {
+  const parts = dotPath.split('.');
+  let current = obj;
+  for (let i = 0; i < parts.length - 1; i++) {
+    const existing = current[parts[i]];
+    if (existing == null || typeof existing !== 'object' || Array.isArray(existing)) {
+      // Only overwrite non-objects (null, undefined, primitives, arrays)
+      // to avoid corrupting existing nested config structures
+      current[parts[i]] = {};
+    }
+    current = current[parts[i]];
+  }
+  current[parts[parts.length - 1]] = value;
+}
+
+/**
+ * Upgrade a config value ONLY if it still matches the old default.
+ * If the user customized it to something else, leave it alone.
+ *
+ * @param {Object} config
+ * @param {string} dotPath - e.g., 'standardsCompliance.enabled'
+ * @param {*} oldDefault - the value we're replacing
+ * @param {*} newDefault - the new value to set
+ * @returns {boolean} true if upgraded
+ */
+function upgradeDefault(config, dotPath, oldDefault, newDefault) {
+  const current = getNestedValue(config, dotPath);
+
+  // Only upgrade if value matches old default exactly
+  if (current === oldDefault) {
+    setNestedValue(config, dotPath, newDefault);
+    return true;
+  }
+
+  // Value was customized or doesn't exist — leave it
+  return false;
+}
+
+/**
+ * Add a key to config if it doesn't exist.
+ * Never overwrites existing values.
+ *
+ * @param {Object} config
+ * @param {string} dotPath
+ * @param {*} value
+ * @returns {boolean} true if added
+ */
+function ensureKey(config, dotPath, value) {
+  const current = getNestedValue(config, dotPath);
+  if (current == null) {
+    setNestedValue(config, dotPath, value);
+    return true;
+  }
+  return false;
+}
+
+/**
+ * Add a gate name to a quality gate list if not already present.
+ *
+ * @param {Object} config
+ * @param {string} taskType - e.g., 'feature', 'bugfix'
+ * @param {string} gateName - e.g., 'verificationProof'
+ * @returns {boolean} true if added
+ */
+function addToGateList(config, taskType, gateName) {
+  const gates = config.qualityGates?.[taskType]?.require;
+  if (!Array.isArray(gates)) return false;
+  if (gates.includes(gateName)) return false;
+
+  // Insert before the last gate (usually standardsCompliance) for logical ordering
+  const insertIndex = Math.max(0, gates.length - 1);
+  gates.splice(insertIndex, 0, gateName);
+  return true;
+}
+
+// ============================================================
+// Public API
+// ============================================================
+
+/**
+ * Run all pending migrations on a config object.
+ *
+ * @param {Object} config - The user's config.json content (mutated in place)
+ * @returns {{ migrated: boolean, fromVersion: number, toVersion: number, applied: string[] }}
+ */
+function migrateConfig(config) {
+  const currentVersion = config._configVersion ?? 1;
+  const applied = [];
+
+  if (currentVersion >= CURRENT_CONFIG_VERSION) {
+    return { migrated: false, fromVersion: currentVersion, toVersion: currentVersion, applied };
+  }
+
+  for (const migration of MIGRATIONS) {
+    if (migration.version > currentVersion) {
+      try {
+        migration.migrate(config);
+        applied.push(`v${migration.version}: ${migration.description}`);
+      } catch (err) {
+        if (process.env.DEBUG) {
+          console.error(`[config-migrate] Migration v${migration.version} failed: ${err.message}`);
+        }
+        // Continue with other migrations — partial upgrade is better than none
+      }
+    }
+  }
+
+  config._configVersion = CURRENT_CONFIG_VERSION;
+
+  return {
+    migrated: applied.length > 0,
+    fromVersion: currentVersion,
+    toVersion: CURRENT_CONFIG_VERSION,
+    applied
+  };
+}
+
+/**
+ * Migrate config.json file on disk.
+ * Safe to call multiple times — idempotent via _configVersion tracking.
+ *
+ * @param {string} configPath - Path to config.json
+ * @returns {{ migrated: boolean, fromVersion: number, toVersion: number, applied: string[] }}
+ */
+function migrateConfigFile(configPath) {
+  if (!fs.existsSync(configPath)) {
+    return { migrated: false, fromVersion: 0, toVersion: 0, applied: [] };
+  }
+
+  let config;
+  try {
+    config = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
+  } catch (err) {
+    if (process.env.DEBUG) {
+      console.error(`[config-migrate] Failed to read config: ${err.message}`);
+    }
+    return { migrated: false, fromVersion: 0, toVersion: 0, applied: [] };
+  }
+
+  const result = migrateConfig(config);
+
+  if (result.migrated) {
+    try {
+      fs.writeFileSync(configPath, JSON.stringify(config, null, 2));
+    } catch (err) {
+      if (process.env.DEBUG) {
+        console.error(`[config-migrate] Failed to write migrated config: ${err.message}`);
+      }
+    }
+  }
+
+  return result;
+}
+
+module.exports = {
+  migrateConfig,
+  migrateConfigFile,
+  CURRENT_CONFIG_VERSION,
+  // Export helpers for testing
+  upgradeDefault,
+  ensureKey,
+  addToGateList,
+  getNestedValue,
+  setNestedValue
+};

package/scripts/flow-context-manifest.js

@@ -0,0 +1,322 @@
+#!/usr/bin/env node
+
+/**
+ * Wogi Flow - Context Manifest Generator
+ *
+ * Generates a compact context manifest from project registry files.
+ * The manifest provides one-line summaries of all coding rules, components,
+ * utility functions, and API endpoints — enough for Claude to know WHAT EXISTS
+ * without injecting full content upfront.
+ *
+ * Part of the Tiered Context Architecture (CC 2.1.89+):
+ * - T1: Critical state (task, routing, warnings) — always injected
+ * - T2: Context manifest (this file) — compact inventory of available context
+ * - T3: Full content — loaded on-demand via Read when Claude needs it
+ *
+ * The manifest solves the "unknown unknowns" problem: if Claude doesn't know
+ * a utility exists, it will reinvent it. The manifest lists everything that
+ * exists with enough context to know when to look deeper.
+ */
+
+const path = require('node:path');
+const fs = require('node:fs');
+const { PATHS, safeJsonParse } = require('./flow-utils');
+
+/** Maximum chars per summary line in the manifest */
+const MAX_SUMMARY_LEN = 120;
+
+/** Maximum entries per registry section */
+const MAX_ENTRIES_PER_SECTION = 30;
+
+/**
+ * Extract coding rules from decisions.md as one-line summaries.
+ * Parses ## sections and extracts the first meaningful line of each.
+ *
+ * @returns {Array<{title: string, summary: string}>}
+ */
+function extractDecisionSummaries() {
+  if (!fs.existsSync(PATHS.decisions)) return [];
+
+  try {
+    const content = fs.readFileSync(PATHS.decisions, 'utf-8');
+    const sections = content.split(/^##\s+/m).slice(1);
+    const results = [];
+
+    for (const section of sections) {
+      if (results.length >= MAX_ENTRIES_PER_SECTION) break;
+
+      const lines = section.split('\n');
+      const title = lines[0].trim();
+      if (!title) continue;
+
+      // Skip the divider line and header, find first content line
+      const subsections = section.split(/^###\s+/m).slice(1);
+      if (subsections.length > 0) {
+        // Has subsections — list them (skip placeholder subsections)
+        const subNames = subsections
+          .map(s => s.split('\n')[0].trim())
+          .filter(name => name && !name.includes('<!--'))
+          .slice(0, 5);
+        if (subNames.length > 0) {
+          results.push({
+            title,
+            summary: subNames.join(', ')
+          });
+        }
+      } else {
+        // No subsections — take first non-empty content line
+        const bodyLines = lines.slice(1).filter(l =>
+          l.trim() && !l.startsWith('---') && !l.startsWith('**Source') && !l.includes('<!--')
+        );
+        const summary = bodyLines[0]?.trim().substring(0, MAX_SUMMARY_LEN) || '';
+        if (summary) {
+          results.push({ title, summary });
+        }
+      }
+    }
+
+    return results;
+  } catch (_err) {
+    return [];
+  }
+}
+
+/**
+ * Extract components from app-map.md tables.
+ * Parses markdown tables for Screen, Modal, and Component entries.
+ *
+ * @returns {Array<{type: string, name: string, detail: string}>}
+ */
+function extractComponentSummaries() {
+  const appMapPath = PATHS.appMap || path.join(PATHS.state, 'app-map.md');
+  if (!fs.existsSync(appMapPath)) return [];
+
+  try {
+    const content = fs.readFileSync(appMapPath, 'utf-8');
+    const results = [];
+
+    // Parse table rows: | Name | ... | ... |
+    // Skip header rows (containing ---), template rows (_Example_), and column header rows
+    const HEADER_KEYWORDS = ['Screen', 'Route', 'Status', 'Modal', 'Trigger', 'Component', 'Variants', 'Path', 'Details'];
+    const tableRows = content.match(/^\|[^|]+\|.+\|$/gm) || [];
+    for (const row of tableRows) {
+      if (results.length >= MAX_ENTRIES_PER_SECTION) break;
+      if (row.includes('---') || row.includes('_Example_')) continue;
+      // Skip column header rows (first row of each table)
+      const cells = row.split('|').filter(Boolean).map(c => c.trim());
+      if (cells.length >= 2 && HEADER_KEYWORDS.includes(cells[0]) && HEADER_KEYWORDS.includes(cells[1])) continue;
+
+      if (cells.length >= 2 && cells[0]) {
+        results.push({
+          type: 'component',
+          name: cells[0],
+          detail: cells.slice(1, 3).filter(Boolean).join(' — ').substring(0, MAX_SUMMARY_LEN)
+        });
+      }
+    }
+
+    return results;
+  } catch (_err) {
+    return [];
+  }
+}
+
+/**
+ * Extract utility functions from function-map.md.
+ * Parses both table format and manual entry format.
+ *
+ * @returns {Array<{name: string, file: string, purpose: string}>}
+ */
+function extractFunctionSummaries() {
+  const fnMapPath = path.join(PATHS.state, 'function-map.md');
+  if (!fs.existsSync(fnMapPath)) return [];
+
+  try {
+    const content = fs.readFileSync(fnMapPath, 'utf-8');
+    const results = [];
+
+    // Parse table rows: | functionName | file | purpose |
+    const tableRows = content.match(/^\|[^|]+\|.+\|$/gm) || [];
+    for (const row of tableRows) {
+      if (results.length >= MAX_ENTRIES_PER_SECTION) break;
+      if (row.includes('---') || row.includes('Function') && row.includes('File')) continue;
+
+      const cells = row.split('|').filter(Boolean).map(c => c.trim());
+      if (cells.length >= 2 && cells[0] && !cells[0].startsWith('_')) {
+        results.push({
+          name: cells[0],
+          file: cells[1] || '',
+          purpose: (cells[2] || '').substring(0, MAX_SUMMARY_LEN)
+        });
+      }
+    }
+
+    // Parse ### entries (manual format): ### functionName(params)
+    const manualEntries = content.match(/^###\s+\w+.*$/gm) || [];
+    for (const entry of manualEntries) {
+      if (results.length >= MAX_ENTRIES_PER_SECTION) break;
+      const name = entry.replace(/^###\s+/, '').trim();
+      if (name && !name.includes('Rules') && !name.includes('Scan')) {
+        // Avoid duplicates
+        if (!results.some(r => r.name === name)) {
+          results.push({ name, file: '', purpose: '' });
+        }
+      }
+    }
+
+    return results;
+  } catch (_err) {
+    return [];
+  }
+}
+
+/**
+ * Extract API endpoints from api-map.md.
+ *
+ * @returns {Array<{method: string, path: string, purpose: string}>}
+ */
+function extractApiSummaries() {
+  const apiMapPath = path.join(PATHS.state, 'api-map.md');
+  if (!fs.existsSync(apiMapPath)) return [];
+
+  try {
+    const content = fs.readFileSync(apiMapPath, 'utf-8');
+    const results = [];
+
+    // Parse ### METHOD /path entries
+    const endpointHeaders = content.match(/^###\s+(GET|POST|PUT|PATCH|DELETE)\s+\S+/gm) || [];
+    for (const header of endpointHeaders) {
+      if (results.length >= MAX_ENTRIES_PER_SECTION) break;
+      const match = header.match(/^###\s+(GET|POST|PUT|PATCH|DELETE)\s+(\S+)/);
+      if (match) {
+        // Find purpose line after the header
+        const idx = content.indexOf(header);
+        const afterHeader = content.substring(idx + header.length, idx + header.length + 300);
+        const purposeMatch = afterHeader.match(/\*\*Purpose\*\*:\s*(.+)/);
+        results.push({
+          method: match[1],
+          path: match[2],
+          purpose: (purposeMatch ? purposeMatch[1] : '').substring(0, MAX_SUMMARY_LEN)
+        });
+      }
+    }
+
+    // Parse table format: | METHOD | /path | purpose |
+    const tableRows = content.match(/^\|[^|]+\|.+\|$/gm) || [];
+    for (const row of tableRows) {
+      if (results.length >= MAX_ENTRIES_PER_SECTION) break;
+      if (row.includes('---') || row.includes('Method') && row.includes('Path')) continue;
+
+      const cells = row.split('|').filter(Boolean).map(c => c.trim());
+      if (cells.length >= 2 && /^(GET|POST|PUT|PATCH|DELETE)$/i.test(cells[0])) {
+        if (!results.some(r => r.method === cells[0] && r.path === cells[1])) {
+          results.push({
+            method: cells[0],
+            path: cells[1],
+            purpose: (cells[2] || '').substring(0, MAX_SUMMARY_LEN)
+          });
+        }
+      }
+    }
+
+    return results;
+  } catch (_err) {
+    return [];
+  }
+}
+
+/**
+ * Generate the full context manifest.
+ * Returns a structured object with all registry summaries.
+ *
+ * @returns {{ decisions: Array, components: Array, functions: Array, apis: Array, generatedAt: string }}
+ */
+function generateManifest() {
+  return {
+    decisions: extractDecisionSummaries(),
+    components: extractComponentSummaries(),
+    functions: extractFunctionSummaries(),
+    apis: extractApiSummaries(),
+    generatedAt: new Date().toISOString()
+  };
+}
+
+/**
+ * Format the manifest as a compact markdown string for context injection.
+ * Designed to be small enough to always fit in T2 (target: 2-8KB depending on project size).
+ *
+ * @param {Object} manifest - From generateManifest()
+ * @returns {string} Formatted markdown
+ */
+function formatManifestForInjection(manifest) {
+  if (!manifest) return '';
+
+  const parts = [];
+
+  // Coding rules
+  if (manifest.decisions.length > 0) {
+    parts.push('**Coding Rules** (load full: `Read .workflow/state/decisions.md`):');
+    for (const d of manifest.decisions) {
+      parts.push(`- ${d.title}: ${d.summary}`);
+    }
+  }
+
+  // Components
+  if (manifest.components.length > 0) {
+    parts.push('**Components** (load full: `Read .workflow/state/app-map.md`):');
+    for (const c of manifest.components) {
+      parts.push(`- ${c.name}: ${c.detail}`);
+    }
+  }
+
+  // Utility functions
+  if (manifest.functions.length > 0) {
+    parts.push('**Utility Functions** (load full: `Read .workflow/state/function-map.md`):');
+    for (const f of manifest.functions) {
+      const detail = f.purpose ? ` — ${f.purpose}` : '';
+      const file = f.file ? ` (${f.file})` : '';
+      parts.push(`- \`${f.name}\`${file}${detail}`);
+    }
+  }
+
+  // API endpoints
+  if (manifest.apis.length > 0) {
+    parts.push('**API Endpoints** (load full: `Read .workflow/state/api-map.md`):');
+    for (const a of manifest.apis) {
+      const purpose = a.purpose ? ` — ${a.purpose}` : '';
+      parts.push(`- ${a.method} ${a.path}${purpose}`);
+    }
+  }
+
+  if (parts.length === 0) {
+    return '';
+  }
+
+  return parts.join('\n');
+}
+
+/**
+ * Check if any registries have content worth manifesting.
+ * Returns false for empty/template-only registries.
+ *
+ * @param {Object} manifest - From generateManifest()
+ * @returns {boolean}
+ */
+function hasContent(manifest) {
+  return (
+    manifest.decisions.length > 0 ||
+    manifest.components.length > 0 ||
+    manifest.functions.length > 0 ||
+    manifest.apis.length > 0
+  );
+}
+
+module.exports = {
+  generateManifest,
+  formatManifestForInjection,
+  hasContent,
+  extractDecisionSummaries,
+  extractComponentSummaries,
+  extractFunctionSummaries,
+  extractApiSummaries
+};