fix(bootstrap): resolve 9 bootstrap defects with 50+ regression tests

.github/workflows/ci.yml

@@ -43,3 +43,20 @@ jobs:
       - name: Test
         run: go test ./...
 
+  bootstrap-integration:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version: '1.24.x'
+          cache: true
+
+      - name: Bootstrap regression tests
+        run: |
+          go test -v -count=1 -failfast \
+            -run "TestBootstrapRepro|TestClaudeDriftDetection|TestKnowledgeLinking_NoFK|TestSubrepoMetadata|TestDocIngestion|TestRootPathResolution|TestIsMonorepoDetection|TestWorkspaceRootSelection|TestGate3_Enforcement|TestParseJSONResponse_Hallucination" \
+            ./...
+

CHANGELOG.md

@@ -28,6 +28,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Fixed
 
+- **RootPath resolution**: Reject `MarkerNone` contexts in `GetMemoryBasePath` to prevent accidental writes to `~/.taskwing/memory.db`. Also reject `.taskwing` markers above multi-repo workspaces during detection walk-up. (`TestRootPathResolution`, `TestBootstrapRepro_RootPathResolvesToHome`)
+- **FK constraint failures**: `LinkNodes` now pre-checks node existence before INSERT to avoid SQLite error 787. Duplicate edges handled gracefully. (`TestKnowledgeLinking_NoFK`)
+- **IsMonorepo misclassification**: `Detect()` now checks `hasNestedProjects()` in the `MarkerNone` fallback, so multi-repo workspaces are correctly classified. Resolves disagreement between `Detect()` and `DetectWorkspace()`. (`TestIsMonorepoDetection`, `TestBootstrapRepro_IsMonorepoMisclassification`)
+- **Zero docs loaded**: Added `LoadForServices` to `DocLoader` for multi-repo workspaces. Wired into `RunDeterministicBootstrap` via workspace auto-detection. (`TestDocIngestion`, `TestSubrepoMetadataExtraction`)
+- **Sub-repo metadata**: Verified per-repo workspace context in node storage with proper isolation and cross-workspace linking. (`TestSubrepoMetadataPresent`)
+- **Claude MCP drift**: Added filesystem-based drift detection tests with evidence traceability and Gate 3 consent enforcement for global mutations. (`TestClaudeDriftDetection`)
+- **Hallucinated findings**: Gate 3 enforcement in `NewFindingWithEvidence` — findings without evidence start as "skipped". Added `HasEvidence()` and `NeedsHumanVerification()` to `Finding`. (`TestGate3_Enforcement`, `TestParseJSONResponse_Hallucination`)
 - Priority scheduling semantics corrected (lower numeric priority executes first).
 - Unknown slash subcommands now fail explicitly instead of silently falling back.
 - MCP plan action descriptions aligned with implemented behavior.

README.md

@@ -99,14 +99,14 @@ taskwing goal "Add Stripe billing"
 <!-- TASKWING_TOOLS_END -->
 
 <!-- TASKWING_LEGAL_START -->
-<sub>Brand names and logos are trademarks of their respective owners; usage here indicates compatibility, not endorsement.</sub>
+Brand names and logos are trademarks of their respective owners; usage here indicates compatibility, not endorsement.
 <!-- TASKWING_LEGAL_END -->
 
 ## MCP Tools
 
 <!-- TASKWING_MCP_TOOLS_START -->
 | Tool | Description |
-|:-----|:------------|
+|------|-------------|
 | `ask` | Search project knowledge (decisions, patterns, constraints) |
 | `task` | Unified task lifecycle (`next`, `current`, `start`, `complete`) |
 | `plan` | Plan management (`clarify`, `decompose`, `expand`, `generate`, `finalize`, `audit`) |
@@ -149,18 +149,16 @@ Once connected, use these slash commands from your AI assistant:
 ## Core Commands
 
 <!-- TASKWING_COMMANDS_START -->
-| Command | Description |
-|:--------|:------------|
-| `taskwing bootstrap` | Extract architecture from your codebase |
-| `taskwing goal "<goal>"` | Create and activate a plan from a goal |
-| `taskwing ask "<query>"` | Query project knowledge |
-| `taskwing task` | Manage execution tasks |
-| `taskwing plan status` | View current plan progress |
-| `taskwing slash` | Output slash command prompts for AI tools |
-| `taskwing mcp` | Start the MCP server |
-| `taskwing doctor` | Health check for project memory |
-| `taskwing config` | Configure LLM provider and settings |
-| `taskwing start` | Start API/watch/dashboard services |
+- `taskwing bootstrap`
+- `taskwing goal "<goal>"`
+- `taskwing ask "<query>"`
+- `taskwing task`
+- `taskwing plan status`
+- `taskwing slash`
+- `taskwing mcp`
+- `taskwing doctor`
+- `taskwing config`
+- `taskwing start`
 <!-- TASKWING_COMMANDS_END -->
 
 ## Autonomous Task Execution (Hooks)

cmd/bootstrap.go

@@ -721,7 +721,9 @@ func installMCPServers(basePath string, selectedAIs []string) {
 		case "claude":
 			installClaude(binPath, basePath)
 		case "gemini":
-			installGeminiCLI(binPath, basePath)
+			if err := installGeminiCLI(binPath, basePath); err != nil {
+				fmt.Printf("⚠️  Gemini MCP install failed: %v\n", err)
+			}
 		case "codex":
 			installCodexGlobal(binPath, basePath)
 		case "cursor":

cmd/mcp_install.go

@@ -107,8 +107,7 @@ func installMCPForTarget(target, binPath, cwd string) error {
 		installCodexGlobal(binPath, cwd)
 		return nil
 	case "gemini":
-		installGeminiCLI(binPath, cwd)
-		return nil
+		return installGeminiCLI(binPath, cwd)
 	case "copilot":
 		installCopilot(binPath, cwd)
 		return nil
@@ -445,14 +444,20 @@ func installCopilot(binPath, projectDir string) {
 	fmt.Println("   (Reload VS Code window to activate)")
 }
 
-func installGeminiCLI(binPath, projectDir string) {
+func installGeminiCLI(binPath, projectDir string) error {
 	// Check if gemini CLI is available
-	_, err := exec.LookPath("gemini")
+	geminiPath, err := exec.LookPath("gemini")
 	if err != nil {
-		fmt.Println("❌ 'gemini' CLI not found in PATH.")
-		fmt.Println("   Please install the Gemini CLI first to use this integration.")
-		fmt.Println("   See: https://geminicli.com/docs/getting-started")
-		return
+		return fmt.Errorf("'gemini' CLI not found in PATH: install from https://geminicli.com/docs/getting-started")
+	}
+
+	// Check gemini version to detect compatibility issues
+	versionCmd := exec.Command(geminiPath, "--version")
+	versionOut, versionErr := versionCmd.Output()
+	if versionErr != nil {
+		fmt.Printf("⚠️  Could not determine gemini version: %v\n", versionErr)
+	} else if viper.GetBool("verbose") {
+		fmt.Printf("   gemini version: %s\n", strings.TrimSpace(string(versionOut)))
 	}
 
 	serverName := mcpServerName(projectDir)
@@ -461,35 +466,42 @@ func installGeminiCLI(binPath, projectDir string) {
 
 	if viper.GetBool("preview") {
 		fmt.Printf("[PREVIEW] Would run: gemini mcp remove -s project %s && gemini mcp add -s project %s %s mcp\n", legacyName, serverName, binPath)
-		return
+		return nil
 	}
 
 	// Remove legacy server name (migration cleanup)
-	legacyRemoveCmd := exec.Command("gemini", "mcp", "remove", "-s", "project", legacyName)
+	legacyRemoveCmd := exec.Command(geminiPath, "mcp", "remove", "-s", "project", legacyName)
 	legacyRemoveCmd.Dir = projectDir
 	_ = legacyRemoveCmd.Run() // Ignore error - server may not exist
 
 	// Remove current server name (idempotent reinstall)
-	removeCmd := exec.Command("gemini", "mcp", "remove", "-s", "project", serverName)
+	removeCmd := exec.Command(geminiPath, "mcp", "remove", "-s", "project", serverName)
 	removeCmd.Dir = projectDir
 	_ = removeCmd.Run() // Ignore error - server may not exist
 
 	// Run: gemini mcp add -s project <name> <command> [args...]
 	// Uses -s project for project-level config (stored in .gemini/settings.json)
-	cmd := exec.Command("gemini", "mcp", "add", "-s", "project", serverName, binPath, "mcp")
+	cmd := exec.Command(geminiPath, "mcp", "add", "-s", "project", serverName, binPath, "mcp")
 	cmd.Dir = projectDir
 
-	// Capture output to suppress noise, unless verbose
+	var stderrBuf strings.Builder
 	if viper.GetBool("verbose") {
 		cmd.Stdout = os.Stdout
 		cmd.Stderr = os.Stderr
+	} else {
+		cmd.Stderr = &stderrBuf
 	}
 
 	if err := cmd.Run(); err != nil {
-		fmt.Printf("⚠️  Failed to run 'gemini mcp add': %v\n", err)
-	} else {
-		fmt.Printf("✅ Installed for Gemini as '%s'\n", serverName)
+		stderrMsg := strings.TrimSpace(stderrBuf.String())
+		if stderrMsg != "" {
+			return fmt.Errorf("'gemini mcp add' failed (exit %v): %s", err, stderrMsg)
+		}
+		return fmt.Errorf("'gemini mcp add' failed: %w", err)
 	}
+
+	fmt.Printf("✅ Installed for Gemini as '%s'\n", serverName)
+	return nil
 }
 
 func installCodexGlobal(binPath, projectDir string) {

internal/agents/core/parsers.go

@@ -59,6 +59,17 @@ func NewFindingWithEvidence(
 	metadata map[string]any,
 ) Finding {
 	confidenceScore, confidenceLabel := ParseConfidence(confidence)
+	convertedEvidence := ConvertEvidence(evidence)
+
+	// Gate 3: Findings without verifiable evidence (non-empty FilePath) start as
+	// "skipped" rather than "pending" to prevent hallucinated findings from being
+	// auto-linked into the knowledge graph.
+	verificationStatus := VerificationStatusPending
+	tempFinding := Finding{Evidence: convertedEvidence}
+	if !tempFinding.HasEvidence() {
+		verificationStatus = VerificationStatusSkipped
+	}
+
 	return Finding{
 		Type:               findingType,
 		Title:              title,
@@ -67,8 +78,8 @@ func NewFindingWithEvidence(
 		Tradeoffs:          tradeoffs,
 		ConfidenceScore:    confidenceScore,
 		Confidence:         confidenceLabel,
-		Evidence:           ConvertEvidence(evidence),
-		VerificationStatus: VerificationStatusPending,
+		Evidence:           convertedEvidence,
+		VerificationStatus: verificationStatus,
 		SourceAgent:        sourceAgent,
 		Metadata:           metadata,
 	}