diff --git a/src/resources/extensions/gsd/bootstrap/register-hooks.ts b/src/resources/extensions/gsd/bootstrap/register-hooks.ts index f511fbadf..c94e3f32b 100644 --- a/src/resources/extensions/gsd/bootstrap/register-hooks.ts +++ b/src/resources/extensions/gsd/bootstrap/register-hooks.ts @@ -6,7 +6,7 @@ import { isToolCallEventType } from "@gsd/pi-coding-agent"; import { buildMilestoneFileName, resolveMilestonePath, resolveSliceFile, resolveSlicePath } from "../paths.js"; import { buildBeforeAgentStartResult } from "./system-context.js"; import { handleAgentEnd } from "./agent-end-recovery.js"; -import { clearDiscussionFlowState, isDepthVerified, isDepthConfirmationAnswer, isQueuePhaseActive, markDepthVerified, resetWriteGateState, shouldBlockContextWrite, shouldBlockQueueExecution } from "./write-gate.js"; +import { clearDiscussionFlowState, isDepthVerified, isDepthConfirmationAnswer, isQueuePhaseActive, markDepthVerified, resetWriteGateState, shouldBlockContextWrite, shouldBlockQueueExecution, isGateQuestionId, setPendingGate, clearPendingGate, getPendingGate, shouldBlockPendingGate, shouldBlockPendingGateBash } from "./write-gate.js"; import { isBlockedStateFile, isBashWriteToStateFile, BLOCKED_WRITE_ERROR } from "../write-intercept.js"; import { cleanupQuickBranch } from "../quick.js"; import { getDiscussionMilestoneId } from "../guided-flow.js"; 
@@ -168,6 +168,43 @@ export function registerHooks(pi: ExtensionAPI): void { return { block: true, reason: loopCheck.reason }; } + // ── Discussion gate enforcement: track pending questions ───────── + // During a discussion flow, EVERY ask_user_questions call matters. + // When ask_user_questions is called, mark it as pending. It stays + // pending until the user responds. This prevents the model from + // continuing if ask_user_questions fails, errors, or is cancelled. + if (event.toolName === "ask_user_questions") { + const milestoneId = getDiscussionMilestoneId(); + const inDiscussion = milestoneId !== null || isQueuePhaseActive(); + if (inDiscussion) { + const questions: any[] = (event.input as any)?.questions ?? []; + const questionId = questions[0]?.id ?? "ask_user_questions"; + setPendingGate(typeof questionId === "string" ? questionId : "ask_user_questions"); + } + } + + // ── Discussion gate enforcement: block tool calls while gate is pending ── + // If ask_user_questions was called with a gate ID but hasn't been confirmed, + // block all non-read-only tool calls to prevent the model from skipping gates. + if (getPendingGate()) { + const milestoneId = getDiscussionMilestoneId(); + if (isToolCallEventType("bash", event)) { + const bashGuard = shouldBlockPendingGateBash( + event.input.command, + milestoneId, + isQueuePhaseActive(), + ); + if (bashGuard.block) return bashGuard; + } else { + const gateGuard = shouldBlockPendingGate( + event.toolName, + milestoneId, + isQueuePhaseActive(), + ); + if (gateGuard.block) return gateGuard; + } + } + // ── Queue-mode execution guard (#2545): block source-code mutations ── // When /gsd queue is active, the agent should only create milestones, // not execute work. Block write/edit to non-.gsd/ paths and bash commands 
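Review bot: `setPendingGate` overwrites whatever gate is already pending with the id of `questions[0]` from any `ask_user_questions` call made during a discussion, so a cancelled `layer1_scope_gate` can be replaced by an unrelated question. Because the tool-result hunk clears the gate on any response, answering that unrelated question then unlocks every tool. `isGateQuestionId` is imported by this commit but is not called in the visible hunks, and the second comment block here still says "called with a gate ID". Consider keeping a recognised gate pending until a question carrying that same id is answered, e.g. `if (isGateQuestionId(id) || !getPendingGate()) setPendingGate(id);`, and inspecting every entry of `questions` rather than only the first. The enclosing handler starts and ends outside this hunk.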
@@ -244,9 +281,27 @@ export function registerHooks(pi: ExtensionAPI): void { if (!milestoneId && !queueActive) return; const details = event.details as any; + + // ── Discussion gate enforcement: handle gate question responses ── + // If the result is cancelled or has no response, the pending gate stays active + // so the model is blocked from non-read-only tools until it re-asks. + // If the user responded at all (even "needs adjustment"), clear the pending gate + // because the user engaged — the prompt handles the re-ask-after-adjustment flow. + const questions: any[] = (event.input as any)?.questions ?? []; + const currentPendingGate = getPendingGate(); + if (currentPendingGate) { + if (details?.cancelled || !details?.response) { + // Gate stays pending — model will be blocked from non-read-only tools + // until it re-asks and gets a valid response + } else { + // User responded (confirmed or requested adjustment) — clear the pending gate. + // The prompt-level instructions handle the "needs adjustment" re-ask flow. + clearPendingGate(); + } + } + if (details?.cancelled || !details?.response) return; - const questions: any[] = (event.input as any)?.questions ?? []; for (const question of questions) { if (typeof question.id === "string" && question.id.includes("depth_verification")) { // Only unlock the gate if the user selected the first option (confirmation). diff --git a/src/resources/extensions/gsd/bootstrap/write-gate.ts b/src/resources/extensions/gsd/bootstrap/write-gate.ts index 3b8041bb1..937fd4eba 100644 --- a/src/resources/extensions/gsd/bootstrap/write-gate.ts +++ b/src/resources/extensions/gsd/bootstrap/write-gate.ts 
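Review bot: The gate is cleared on any non-empty `details.response`, including "needs adjustment" or free text. That contradicts the doc comment on `pendingGateId` in write-gate.ts, which says tools stay blocked until the user selects the first/recommended option, and the HARD BLOCK message, which tells the model to re-ask when the response does not match a provided option. As written, the mechanical block covers only cancelled or empty results, and the adjustment path relies on prompt wording alone. Either say so in both comments or clear only on a confirming answer. The empty `if` branch can also be collapsed to `if (!details?.cancelled && details?.response) clearPendingGate();`. The handler's opening, including whatever restricts it to `ask_user_questions` results, is outside this hunk.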
@@ -29,6 +29,40 @@ const BASH_READ_ONLY_RE = /^\s*(cat|head|tail|less|more|wc|file|stat|du|df|which let depthVerificationDone = false; let activeQueuePhase = false; +/** + * Discussion gate enforcement state. + * + * When ask_user_questions is called with a recognized gate question ID, + * we track the pending gate. Until the gate is confirmed (user selects the + * first/recommended option), all non-read-only tool calls are blocked. + * This mechanically prevents the model from rationalizing past failed or + * cancelled gate questions. + */ +let pendingGateId: string | null = null; + +/** + * Recognized gate question ID patterns. + * These appear in both discuss-prepared.md (4-layer) and discuss.md (depth/requirements/roadmap). + */ +const GATE_QUESTION_PATTERNS = [ + "layer1_scope_gate", + "layer2_architecture_gate", + "layer3_error_gate", + "layer4_quality_gate", + "depth_verification", +] as const; + +/** + * Tools that are safe to call while a gate is pending. + * Includes read-only tools and ask_user_questions itself (so the model can re-ask). + */ +const GATE_SAFE_TOOLS = new Set([ + "ask_user_questions", + "read", "grep", "find", "ls", "glob", + "search-the-web", "resolve_library", "get_library_docs", "fetch_page", + "search_and_read", +]); + export function isDepthVerified(): boolean { return depthVerificationDone; } 
@@ -43,17 +77,111 @@ export function setQueuePhaseActive(active: boolean): void { export function resetWriteGateState(): void { depthVerificationDone = false; + pendingGateId = null; } export function clearDiscussionFlowState(): void { depthVerificationDone = false; activeQueuePhase = false; + pendingGateId = null; } export function markDepthVerified(): void { depthVerificationDone = true; } +/** + * Check whether a question ID matches a recognized gate pattern. + */ +export function isGateQuestionId(questionId: string): boolean { + return GATE_QUESTION_PATTERNS.some(pattern => questionId.includes(pattern)); +} + +/** + * Mark a gate as pending (called when ask_user_questions is invoked with a gate ID). + */ +export function setPendingGate(gateId: string): void { + pendingGateId = gateId; +} + +/** + * Clear the pending gate (called when the user confirms). + */ +export function clearPendingGate(): void { + pendingGateId = null; +} + +/** + * Get the currently pending gate, if any. + */ +export function getPendingGate(): string | null { + return pendingGateId; +} + +/** + * Check whether a tool call should be blocked because a discussion gate + * is pending (ask_user_questions was called but not confirmed). + * + * Returns { block: true, reason } if the tool should be blocked. + * Read-only tools and ask_user_questions itself are always allowed. + */ +export function shouldBlockPendingGate( + toolName: string, + milestoneId: string | null, + queuePhaseActive?: boolean, +): { block: boolean; reason?: string } { + if (!pendingGateId) return { block: false }; + + const inDiscussion = milestoneId !== null; + const inQueue = queuePhaseActive ?? 
false; + if (!inDiscussion && !inQueue) return { block: false }; + + if (GATE_SAFE_TOOLS.has(toolName)) return { block: false }; + + // Bash read-only commands are also safe + if (toolName === "bash") return { block: false }; // bash is checked separately below + + return { + block: true, + reason: [ + `HARD BLOCK: Discussion gate "${pendingGateId}" has not been confirmed by the user.`, + `You MUST re-call ask_user_questions with the gate question before making any other tool calls.`, + `If the previous ask_user_questions call failed, errored, was cancelled, or the user's response`, + `did not match a provided option, you MUST re-ask — never rationalize past the block.`, + `Do NOT proceed, do NOT use alternative approaches, do NOT skip the gate.`, + ].join(" "), + }; +} + +/** + * Check whether a bash command should be blocked because a discussion gate is pending. + * Read-only bash commands are allowed; mutating commands are blocked. + */ +export function shouldBlockPendingGateBash( + command: string, + milestoneId: string | null, + queuePhaseActive?: boolean, +): { block: boolean; reason?: string } { + if (!pendingGateId) return { block: false }; + + const inDiscussion = milestoneId !== null; + const inQueue = queuePhaseActive ?? false; + if (!inDiscussion && !inQueue) return { block: false }; + + // Allow read-only bash commands + if (BASH_READ_ONLY_RE.test(command)) return { block: false }; + + return { + block: true, + reason: [ + `HARD BLOCK: Discussion gate "${pendingGateId}" has not been confirmed by the user.`, + `You MUST re-call ask_user_questions with the gate question before running mutating commands.`, + `If the previous ask_user_questions call failed, errored, was cancelled, or the user's response`, + `did not match a provided option, you MUST re-ask — never rationalize past the block.`, + ].join(" "), + }; +} + /** * Check whether a depth_verification answer confirms the discussion is complete. 
* Uses structural validation: the selected answer must exactly match the first diff --git a/src/resources/extensions/gsd/codebase-generator.ts b/src/resources/extensions/gsd/codebase-generator.ts index 6fe558abb..a7b1b1e56 100644 --- a/src/resources/extensions/gsd/codebase-generator.ts +++ b/src/resources/extensions/gsd/codebase-generator.ts @@ -38,6 +38,10 @@ interface DirectoryGroup { const DEFAULT_EXCLUDES = [ ".gsd/", ".planning/", + ".plans/", + ".claude/", + ".cursor/", + ".vscode/", ".git/", "node_modules/", "dist/", diff --git a/src/resources/extensions/gsd/detection.ts b/src/resources/extensions/gsd/detection.ts index ab22a72ca..3cfa9bdb8 100644 --- a/src/resources/extensions/gsd/detection.ts +++ b/src/resources/extensions/gsd/detection.ts @@ -242,6 +242,12 @@ const TEST_MARKERS = [ /** Directories skipped during bounded recursive project scans. */ const RECURSIVE_SCAN_IGNORED_DIRS = new Set([ ".git", + ".gsd", + ".planning", + ".plans", + ".claude", + ".cursor", + ".vscode", "node_modules", ".venv", "venv", diff --git a/src/resources/extensions/gsd/index.ts b/src/resources/extensions/gsd/index.ts index 45f2bf8a7..d61786f6f 100644 --- a/src/resources/extensions/gsd/index.ts +++ b/src/resources/extensions/gsd/index.ts @@ -3,10 +3,16 @@ import type { ExtensionAPI } from "@gsd/pi-coding-agent"; export { isDepthConfirmationAnswer, isDepthVerified, + isGateQuestionId, isQueuePhaseActive, setQueuePhaseActive, shouldBlockContextWrite, + shouldBlockPendingGate, + shouldBlockPendingGateBash, shouldBlockQueueExecution, + setPendingGate, + clearPendingGate, + getPendingGate, } from "./bootstrap/write-gate.js"; export default async function registerExtension(pi: ExtensionAPI) { diff --git a/src/resources/extensions/gsd/prompts/complete-milestone.md b/src/resources/extensions/gsd/prompts/complete-milestone.md index 82aea198c..ca11b93d7 100644 --- a/src/resources/extensions/gsd/prompts/complete-milestone.md 
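Review bot: `shouldBlockPendingGate` returns `{ block: false }` for `toolName === "bash"` with the comment "checked separately below", but nothing in this function checks it, so a caller that does not also call `shouldBlockPendingGateBash` lets every bash command through while a gate is pending. Both functions are re-exported from index.ts, and in register-hooks.ts the bash path is chosen by `isToolCallEventType("bash", event)`, so a bash event that fails that guard would land here and be allowed. Failing closed is safer: `if (toolName === "bash") return { block: true, reason: "bash must be checked with shouldBlockPendingGateBash" };`. Separately, `shouldBlockPendingGateBash` trusts `BASH_READ_ONLY_RE.test(command)`, and the part of that regex visible in the preceding hunk header is anchored only at the start of the command. Please confirm it also rejects chaining, redirection and command substitution; if it does not, a command that merely begins with a read-only verb passes the gate.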
+++ b/src/resources/extensions/gsd/prompts/complete-milestone.md @@ -63,6 +63,6 @@ Then: 13. Do not commit manually — the system auto-commits your changes after this unit completes. - Say: "Milestone {{milestoneId}} complete." -**Important:** Do NOT skip the code change verification, success criteria, or definition of done verification (steps 3-5). The milestone summary must reflect actual verified outcomes, not assumed success. Verification failures BLOCK completion — there is no override. The milestone stays in its current state until issues are resolved and verification is re-run. +**Important:** Do NOT skip the code change verification, success criteria, or definition of done verification (steps 3-5). The milestone summary must reflect actual verified outcomes, not assumed success. Verification failures BLOCK completion — there is no override. The milestone stays in its current state until issues are resolved and verification is re-run. **If a verification tool itself fails, errors, or returns unexpected output, treat it as a verification failure** — never rationalize past a tool error ("tool didn't respond, assuming success" is forbidden). A tool that cannot verify is a tool that did not verify. **File system safety:** When scanning milestone directories for evidence, use `ls` or `find` to list directory contents first — never pass a directory path (e.g. `tasks/`, `slices/`) directly to the `read` tool. The `read` tool only accepts file paths, not directories. diff --git a/src/resources/extensions/gsd/prompts/discuss-prepared.md b/src/resources/extensions/gsd/prompts/discuss-prepared.md index 765dce324..92a232f7b 100644 --- a/src/resources/extensions/gsd/prompts/discuss-prepared.md +++ b/src/resources/extensions/gsd/prompts/discuss-prepared.md 
@@ -109,7 +109,7 @@ Options: - "Needs adjustment" — user will clarify, then re-present scope ``` -**Do NOT proceed to Layer 2 until the user explicitly approves the scope.** +**CRITICAL — Non-bypassable gate:** Do NOT proceed to Layer 2 until the user explicitly approves the scope. If `ask_user_questions` fails, errors, returns no response, or the user's response does not match a provided option, you MUST re-ask — never rationalize past the block. "Tool not responding, I'll proceed," "auth issues," or "I'll use my recommended scope" are all **forbidden**. The gate exists to protect the user's work; treat a block as an instruction to wait, not an obstacle to work around. --- @@ -120,7 +120,7 @@ Before presenting Layer 2 findings, use your available web search tools to resea 1. Search for "[technology] [version] best practices [current year]" 2. Search for "[technology] [version] known issues" -Summarize findings concisely. If no search tools are available, note this and proceed using your training knowledge — don't block the discussion on missing search results. +Summarize findings concisely. If search tools fail or are unavailable, note this and proceed using your training knowledge — but do NOT use a search failure as justification to skip any gate. Present ecosystem findings at the start of Layer 2 alongside your architecture recommendation. @@ -180,7 +180,7 @@ Options: - "Want to adjust" — user will clarify, then re-present architecture ``` -**Do NOT proceed to Layer 3 until the user explicitly approves the architecture.** +**CRITICAL — Non-bypassable gate:** Do NOT proceed to Layer 3 until the user explicitly approves the architecture. If `ask_user_questions` fails, errors, returns no response, or the user's response does not match a provided option, you MUST re-ask — never rationalize past the block. The gate exists to protect the user's work; treat a block as an instruction to wait, not an obstacle to work around. --- 
@@ -243,7 +243,7 @@ Options: - "Want to adjust error handling" — user will clarify, then re-present errors ``` -**Do NOT proceed to Layer 4 until the user explicitly approves error handling.** +**CRITICAL — Non-bypassable gate:** Do NOT proceed to Layer 4 until the user explicitly approves error handling. If `ask_user_questions` fails, errors, returns no response, or the user's response does not match a provided option, you MUST re-ask — never rationalize past the block. The gate exists to protect the user's work; treat a block as an instruction to wait, not an obstacle to work around. --- @@ -297,7 +297,7 @@ Options: - "Want to adjust the quality bar" — user will clarify, then re-present quality ``` -**Do NOT proceed to Output Phase until the user explicitly approves the quality bar.** +**CRITICAL — Non-bypassable gate:** Do NOT proceed to Output Phase until the user explicitly approves the quality bar. If `ask_user_questions` fails, errors, returns no response, or the user's response does not match a provided option, you MUST re-ask — never rationalize past the block. The gate exists to protect the user's work; treat a block as an instruction to wait, not an obstacle to work around. --- 
@@ -315,13 +315,13 @@ Before writing a roadmap, produce or update `.gsd/REQUIREMENTS.md`. Use it as the project's explicit capability contract. Requirements discovered during the 4-layer discussion should be captured here with source `user` or `inferred` as appropriate. -**Print the requirements in chat before writing the roadmap.** Print a markdown table with columns: ID, Title, Status, Owner, Source. Group by status (Active, Deferred, Out of Scope). After the table, ask: "Confirm, adjust, or add?" +**Print the requirements in chat before writing the roadmap.** Print a markdown table with columns: ID, Title, Status, Owner, Source. Group by status (Active, Deferred, Out of Scope). After the table, ask: "Confirm, adjust, or add?" **Non-bypassable:** If the user does not respond or gives an ambiguous answer, you MUST re-ask — never proceed to roadmap creation without explicit requirement confirmation. ### Roadmap Preview Before writing any files, **print the planned roadmap in chat** so the user can see and approve it. Print a markdown table with columns: Slice, Title, Risk, Depends, Demo. One row per slice. Below the table, print the milestone definition of done as a bullet list. -If the user raises a substantive objection, adjust the roadmap. Otherwise, present the roadmap and ask: "Ready to write, or want to adjust?" — one gate, not two. +If the user raises a substantive objection, adjust the roadmap. Otherwise, present the roadmap and ask: "Ready to write, or want to adjust?" — one gate, not two. **Non-bypassable:** If the user does not respond or gives an ambiguous answer, you MUST re-ask — never write files without explicit approval. A missing response is not a "yes." ### Naming Convention diff --git a/src/resources/extensions/gsd/prompts/discuss.md b/src/resources/extensions/gsd/prompts/discuss.md index 0e2cd4e15..4061bc054 100644 --- a/src/resources/extensions/gsd/prompts/discuss.md +++ b/src/resources/extensions/gsd/prompts/discuss.md 
@@ -173,7 +173,7 @@ For multi-milestone projects, requirements should span the full vision. Requirem If the project is new or has no `REQUIREMENTS.md`, surface candidate requirements in chat before writing the roadmap. Ask for correction only on material omissions, wrong ownership, or wrong scope. If the user has already been specific and raises no substantive objection, treat the requirement set as confirmed and continue. -**Print the requirements in chat before writing the roadmap.** Do not say "here are the requirements" and then only write them to a file. The user must see them in the terminal. Print a markdown table with columns: ID, Title, Status, Owner, Source. Group by status (Active, Deferred, Out of Scope). After the table, ask: "Confirm, adjust, or add?" +**Print the requirements in chat before writing the roadmap.** Do not say "here are the requirements" and then only write them to a file. The user must see them in the terminal. Print a markdown table with columns: ID, Title, Status, Owner, Source. Group by status (Active, Deferred, Out of Scope). After the table, ask: "Confirm, adjust, or add?" **Non-bypassable:** If the user does not respond or gives an ambiguous answer, you MUST re-ask — never proceed to roadmap creation without explicit requirement confirmation. ## Scope Assessment 
@@ -185,7 +185,7 @@ Before moving to output, confirm the size estimate from your reflection still ho Before writing any files, **print the planned roadmap in chat** so the user can see and approve it. Print a markdown table with columns: Slice, Title, Risk, Depends, Demo. One row per slice. Below the table, print the milestone definition of done as a bullet list. -If the user raises a substantive objection, adjust the roadmap. Otherwise, present the roadmap and ask: "Ready to write, or want to adjust?" — one gate, not two. +If the user raises a substantive objection, adjust the roadmap. Otherwise, present the roadmap and ask: "Ready to write, or want to adjust?" — one gate, not two. **Non-bypassable:** If the user does not respond or gives an ambiguous answer, you MUST re-ask — never write files without explicit approval. A missing response is not a "yes." ### Naming Convention 
@@ -242,7 +242,7 @@ If a milestone has no dependencies, omit the frontmatter. The dependency chain f #### Phase 3: Sequential readiness gate for remaining milestones -For each remaining milestone **one at a time, in sequence**, decide the most likely readiness mode from the evidence you already have, then use `ask_user_questions` to let the user correct that recommendation. Present three options: +For each remaining milestone **one at a time, in sequence**, decide the most likely readiness mode from the evidence you already have, then use `ask_user_questions` to let the user correct that recommendation. **Non-bypassable:** If `ask_user_questions` fails, errors, returns no response, or the user's response does not match a provided option, you MUST re-ask — never rationalize past the block or auto-select a readiness mode. Present three options: - **"Discuss now"** — The user wants to conduct a focused discussion for this milestone in the current session, while the context from the broader discussion is still fresh. Proceed with a focused discussion for this milestone (reflection → investigation → questioning → depth verification). When the discussion concludes, write a full `CONTEXT.md`. Then move to the gate for the next milestone. - **"Write draft for later"** — This milestone has seed material from the current conversation but needs its own dedicated discussion in a future session. Write a `CONTEXT-DRAFT.md` capturing the seed material (what was discussed, key ideas, provisional scope, open questions). Mark it clearly as a draft, not a finalized context. **What happens downstream:** When auto-mode reaches this milestone, it pauses and notifies the user: "M00x has draft context — needs discussion. Run /gsd." The `/gsd` wizard shows a "Discuss from draft" option that seeds the new discussion with this draft, so nothing from the current conversation is lost. After the dedicated discussion produces a full CONTEXT.md, the draft file is automatically deleted. 
diff --git a/src/resources/extensions/gsd/prompts/guided-discuss-milestone.md b/src/resources/extensions/gsd/prompts/guided-discuss-milestone.md index a2f992631..41547e0c0 100644 --- a/src/resources/extensions/gsd/prompts/guided-discuss-milestone.md +++ b/src/resources/extensions/gsd/prompts/guided-discuss-milestone.md 
@@ -94,13 +94,13 @@ Before moving to the wrap-up gate, verify you have covered: - options: "Yes, you got it (Recommended)", "Not quite — let me clarify" - **The question ID must contain `depth_verification`** (e.g. `depth_verification_confirm`) — this enables the write-gate downstream. -**If `{{structuredQuestionsAvailable}}` is `false`:** ask in plain text: "Did I capture that correctly? If not, tell me what I missed." Wait for confirmation before proceeding. +**If `{{structuredQuestionsAvailable}}` is `false`:** ask in plain text: "Did I capture that correctly? If not, tell me what I missed." Wait for explicit confirmation before proceeding. **The same non-bypassable gate applies to the plain-text path** — if the user does not respond, gives an ambiguous answer, or does not explicitly confirm, you MUST re-ask. Never rationalize past a missing confirmation. If they clarify, absorb the correction and re-verify. The depth verification is the only required confirmation gate. Do not add a second "ready to proceed?" gate after it. -**CRITICAL — Non-bypassable gate:** The system mechanically blocks CONTEXT.md writes until the user selects the "(Recommended)" option. If the user declines, cancels, or the tool fails, you MUST re-ask — never rationalize past the block ("tool not responding, I'll proceed" is forbidden). The gate exists to protect the user's work; treat a block as an instruction, not an obstacle to work around. +**CRITICAL — Non-bypassable gate:** The system mechanically blocks CONTEXT.md writes until the user selects the "(Recommended)" option (structured path) or explicitly confirms (plain-text path). If the user declines, cancels, does not respond, or the tool fails, you MUST re-ask — never rationalize past the block ("tool not responding, I'll proceed" is forbidden). The gate exists to protect the user's work; treat a block as an instruction, not an obstacle to work around. --- 
diff --git a/src/resources/extensions/gsd/prompts/guided-discuss-slice.md b/src/resources/extensions/gsd/prompts/guided-discuss-slice.md index 353c5f831..e182bc417 100644 --- a/src/resources/extensions/gsd/prompts/guided-discuss-slice.md +++ b/src/resources/extensions/gsd/prompts/guided-discuss-slice.md @@ -41,11 +41,13 @@ After each round of answers, decide whether you already have enough signal to wr - Ask a single wrap-up question only when you genuinely believe the slice is well understood or the user signals they want to stop. - When you do ask it, offer two choices: "Write the context file" *(recommended when the slice is well understood)* or "One more pass". Use `ask_user_questions` if available, otherwise ask in plain text. +**CRITICAL — Non-bypassable gate:** Do NOT write the context file until the user explicitly selects "Write the context file." If `ask_user_questions` fails, errors, returns no response, or the user's response does not match a provided option, you MUST re-ask — never rationalize past the block. "Tool not responding, I'll proceed," "auth issues," or "the slice seems well understood, I'll write it" are all **forbidden**. The gate exists to protect the user's work; treat a block as an instruction to wait, not an obstacle to work around. + --- ## Output -Once the user is ready to wrap up: +Once the user has explicitly confirmed they are ready to write the context file: 1. Use the **Slice Context** output template below 2. `mkdir -p {{sliceDirPath}}` diff --git a/src/resources/extensions/gsd/prompts/rethink.md b/src/resources/extensions/gsd/prompts/rethink.md index a75c2aa21..9f083a9f0 100644 --- a/src/resources/extensions/gsd/prompts/rethink.md +++ b/src/resources/extensions/gsd/prompts/rethink.md 
@@ -12,7 +12,7 @@ You are a project reorganization assistant for a GSD (Get Shit Done) project. Th 1. Present the current milestone order as a clear numbered list with status indicators (e.g. ✅ complete, ▶ active, ⏳ pending, ⏸ parked) 2. Ask: **"What would you like to change?"** -3. Execute changes conversationally, confirming destructive operations before proceeding +3. Execute changes conversationally, confirming destructive operations before proceeding. **Non-bypassable:** For any destructive operation (discard, skip, reorder that breaks dependencies), you MUST get explicit user confirmation before executing. If the user does not respond, gives an ambiguous answer, or `ask_user_questions` fails, you MUST re-ask — never rationalize past the block. A missing confirmation is a "do not proceed." ## Supported Operations 
@@ -53,8 +53,12 @@ gsd_skip_slice({ milestoneId: "M003", sliceId: "S02", reason: "Descoped — feat Skipped slices are treated as closed by the state machine (like "complete" but distinct). Use when a slice is no longer needed or has been superseded. The slice data is preserved for reference. **Do NOT** just check the slice checkbox in the roadmap — this does not update the DB and auto-mode will resume the slice. +**CRITICAL — Non-bypassable gate:** Skipping a slice is a permanent DB operation. You MUST confirm with the user before calling `gsd_skip_slice`. If the user does not respond or gives an ambiguous answer, you MUST re-ask — never proceed without explicit approval. + ### Discard a milestone -**Permanently** delete a milestone directory and prune it from QUEUE-ORDER.json. **Always confirm with the user before discarding.** Warn explicitly if the milestone has completed work. +**Permanently** delete a milestone directory and prune it from QUEUE-ORDER.json. + +**CRITICAL — Non-bypassable gate:** Discarding is irreversible. You MUST confirm with the user before discarding. Warn explicitly if the milestone has completed work. If the user does not respond or gives an ambiguous answer, you MUST re-ask — never rationalize past the block. A missing confirmation is a "do not discard." ### Add a new milestone Use the `gsd_milestone_generate_id` tool to get the next ID, then call `gsd_summary_save` with `milestone_id: {ID}`, `artifact_type: "CONTEXT"`, and the scope/goals/success criteria as `content` — the tool writes the context file to disk and persists to DB. Update QUEUE-ORDER.json to place it at the desired position. diff --git a/src/resources/extensions/gsd/prompts/system.md b/src/resources/extensions/gsd/prompts/system.md index e7847a315..e79e1c3b9 100644 --- a/src/resources/extensions/gsd/prompts/system.md +++ b/src/resources/extensions/gsd/prompts/system.md 
@@ -38,7 +38,7 @@ GSD ships with bundled skills. Load the relevant skill file with the `read` tool - Never print, echo, log, or restate secrets or credentials. Report only key names and applied/skipped status. - Never ask the user to edit `.env` files or set secrets manually. Use `secure_env_collect`. - In enduring files, write current state only unless the file is explicitly historical. -- **Never take outward-facing actions on GitHub (or any external service) without explicit user confirmation.** This includes: creating issues, closing issues, merging PRs, approving PRs, posting comments, pushing to remote branches, publishing packages, or any other action that affects state outside the local filesystem. Read-only operations (listing, viewing, diffing) are fine. Always present what you intend to do and get a clear "yes" before executing. +- **Never take outward-facing actions on GitHub (or any external service) without explicit user confirmation.** This includes: creating issues, closing issues, merging PRs, approving PRs, posting comments, pushing to remote branches, publishing packages, or any other action that affects state outside the local filesystem. Read-only operations (listing, viewing, diffing) are fine. Always present what you intend to do and get a clear "yes" before executing. **Non-bypassable:** If the user does not respond, gives an ambiguous answer, or `ask_user_questions` fails, you MUST re-ask — never rationalize past the block ("tool not responding, I'll proceed" is forbidden). A missing "yes" is a "no." If a `GSD Skill Preferences` block is present below this contract, treat it as explicit durable guidance for which skills to use, prefer, or avoid during GSD work. Follow it where it does not conflict with required GSD artifact rules, verification requirements, or higher-priority system/developer instructions. 
diff --git a/src/resources/extensions/gsd/prompts/triage-captures.md b/src/resources/extensions/gsd/prompts/triage-captures.md index ac8e69ba8..460336fe0 100644 --- a/src/resources/extensions/gsd/prompts/triage-captures.md +++ b/src/resources/extensions/gsd/prompts/triage-captures.md @@ -51,7 +51,7 @@ For each capture, classify it as one of: For captures classified as **note** or **defer**, auto-confirm without asking — these are low-impact. For captures classified as **stop** or **backtrack**, auto-confirm without asking — these are urgent user directives that must be honored immediately. - For captures classified as **quick-task**, **inject**, or **replan**, ask the user to confirm or choose a different classification. + For captures classified as **quick-task**, **inject**, or **replan**, ask the user to confirm or choose a different classification. **Non-bypassable:** If `ask_user_questions` fails, errors, or the user does not respond, you MUST re-ask — never auto-confirm these classifications without explicit user approval. 3. **Update** `.gsd/CAPTURES.md` — for each capture, update its section with the confirmed classification: - Change `**Status:** pending` to `**Status:** resolved` diff --git a/src/resources/extensions/gsd/prompts/worktree-merge.md b/src/resources/extensions/gsd/prompts/worktree-merge.md index 65f865f21..5057e7255 100644 --- a/src/resources/extensions/gsd/prompts/worktree-merge.md +++ b/src/resources/extensions/gsd/prompts/worktree-merge.md 
@@ -90,9 +90,11 @@ Present a merge plan to the user: Ask the user to confirm the merge plan before proceeding. +**CRITICAL — Non-bypassable gate:** Do NOT execute any merge commands until the user explicitly approves the merge plan. If `ask_user_questions` fails, errors, returns no response, or the user's response is ambiguous, you MUST re-ask — never rationalize past the block. "No response, I'll proceed with the clean merges," "the plan looks safe, merging," or any other self-authorization is **forbidden**. The gate exists to protect the user's branches; treat a block as an instruction to wait, not an obstacle to work around. + ### Step 4: Execute Merge -Once confirmed, run all commands from `{{mainTreePath}}` (your CWD): +Once the user has explicitly confirmed, run all commands from `{{mainTreePath}}` (your CWD): 1. Ensure you are on the target branch: `git checkout {{mainBranch}}` 2. If there are conflicts requiring manual reconciliation, apply the reconciled versions first diff --git a/src/resources/extensions/gsd/tests/codebase-generator.test.ts b/src/resources/extensions/gsd/tests/codebase-generator.test.ts index 91ef3314a..fb3a0fc15 100644 --- a/src/resources/extensions/gsd/tests/codebase-generator.test.ts +++ b/src/resources/extensions/gsd/tests/codebase-generator.test.ts 
@@ -138,6 +138,28 @@ test("generateCodebaseMap: excludes .gsd/ files", () => {
 }
 });
+test("generateCodebaseMap: excludes .claude/ and other tool directories", () => {
+ const base = makeTmpRepo();
+ try {
+ addFile(base, "src/main.ts");
+ addFile(base, ".claude/CLAUDE.md");
+ addFile(base, ".claude/memory/user.md");
+ addFile(base, ".plans/plan.md");
+ addFile(base, ".cursor/settings.json");
+ addFile(base, ".vscode/settings.json");
+
+ const result = generateCodebaseMap(base);
+ assert.ok(result.content.includes("`src/main.ts`"), "should include src/main.ts");
+ assert.ok(!result.content.includes("CLAUDE.md"), "should exclude .claude/ files");
+ assert.ok(!result.content.includes("user.md"), "should exclude .claude/memory/ files");
+ assert.ok(!result.content.includes(".plans"), "should exclude .plans/ files");
+ assert.ok(!result.content.includes(".cursor"), "should exclude .cursor/ files");
+ assert.ok(!result.content.includes(".vscode"), "should exclude .vscode/ files");
+ } finally {
+ cleanup(base);
+ }
+});
+
 test("generateCodebaseMap: excludes binary and lock files", () => {
 const base = makeTmpRepo();
 try {
diff --git a/src/resources/extensions/gsd/tests/detection.test.ts b/src/resources/extensions/gsd/tests/detection.test.ts
index c1efd9d0f..25843ca7a 100644
--- a/src/resources/extensions/gsd/tests/detection.test.ts
+++ b/src/resources/extensions/gsd/tests/detection.test.ts
@@ -17,6 +17,7 @@ import {
 detectProjectState,
 detectV1Planning,
 detectProjectSignals,
+ scanProjectFiles,
 } from "../detection.ts";
 function makeTempDir(prefix: string): string {
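Review bot: The new `generateCodebaseMap` test only places the tool directories at the repository root, so it does not pin whether a `.claude/` or `.vscode/` directory below a package folder is also kept out of the generated map. Judging by the fixture names these directories hold assistant memory and editor settings, and a monorepo layout would put them at depth; adding `addFile(base, "packages/app/.claude/notes.md");` with `assert.ok(!result.content.includes("notes.md"), "should exclude nested .claude/ files");` would cover that. The `scanProjectFiles` test added to detection.test.ts has the same shape (its "nested" case is a subdirectory inside `.claude/`, not a `.claude/` inside `src/`) and could take the equivalent case. Whether exclusion at depth is the intended behaviour is not visible in these hunks, so the expected value should be confirmed first.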
@@ -1188,3 +1189,39 @@ test("detectProjectSignals: Spring Boot settings-defined catalog accessor emits
 cleanup(dir);
 }
 });
+
+// ─── scanProjectFiles: RECURSIVE_SCAN_IGNORED_DIRS ──────────────────────
+
+test("scanProjectFiles: excludes .claude, .gsd, .planning, .plans, .cursor, .vscode directories", () => {
+ const dir = makeTempDir("scan-ignore-dotdirs");
+ try {
+ // Create project files that should be included
+ mkdirSync(join(dir, "src"), { recursive: true });
+ writeFileSync(join(dir, "src", "main.ts"), "// main\n", "utf-8");
+ writeFileSync(join(dir, "README.md"), "# Project\n", "utf-8");
+
+ // Create tool directories that should be excluded
+ const excludedDirs = [".claude", ".gsd", ".planning", ".plans", ".cursor", ".vscode"];
+ for (const d of excludedDirs) {
+ mkdirSync(join(dir, d), { recursive: true });
+ writeFileSync(join(dir, d, "config.json"), "{}\n", "utf-8");
+ }
+ // Nested .claude directory
+ mkdirSync(join(dir, ".claude", "memory"), { recursive: true });
+ writeFileSync(join(dir, ".claude", "memory", "user.md"), "# Memory\n", "utf-8");
+
+ const files = scanProjectFiles(dir);
+
+ // Should include project files
+ assert.ok(files.includes("src/main.ts"), "should include src/main.ts");
+ assert.ok(files.includes("README.md"), "should include README.md");
+
+ // Should exclude all tool directories
+ for (const d of excludedDirs) {
+ const hasExcluded = files.some((f) => f.startsWith(`${d}/`));
+ assert.ok(!hasExcluded, `should exclude ${d}/ directory but found: ${files.filter((f) => f.startsWith(`${d}/`)).join(", ")}`);
+ }
+ } finally {
+ cleanup(dir);
+ }
+});
diff --git a/src/resources/extensions/gsd/tests/write-gate.test.ts b/src/resources/extensions/gsd/tests/write-gate.test.ts
index 35c610a64..3c762e1da 100644
--- a/src/resources/extensions/gsd/tests/write-gate.test.ts
+++ b/src/resources/extensions/gsd/tests/write-gate.test.ts
@@ -195,6 +195,162 @@ test('write-gate: markDepthVerified unblocks queue-mode writes when milestoneId
 clearDiscussionFlowState();
 });
+// ═══════════════════════════════════════════════════════════════════════
+// Discussion gate enforcement tests (pending gate mechanism)
+// ═══════════════════════════════════════════════════════════════════════
+
+import {
+ isGateQuestionId,
+ shouldBlockPendingGate,
+ shouldBlockPendingGateBash,
+ setPendingGate,
+ clearPendingGate,
+ getPendingGate,
+} from '../bootstrap/write-gate.ts';
+
+// ─── Scenario 19: isGateQuestionId recognizes all gate patterns ──
+
+test('write-gate: isGateQuestionId recognizes all gate patterns', () => {
+ assert.strictEqual(isGateQuestionId('layer1_scope_gate'), true);
+ assert.strictEqual(isGateQuestionId('layer2_architecture_gate'), true);
+ assert.strictEqual(isGateQuestionId('layer3_error_gate'), true);
+ assert.strictEqual(isGateQuestionId('layer4_quality_gate'), true);
+ assert.strictEqual(isGateQuestionId('depth_verification'), true);
+ assert.strictEqual(isGateQuestionId('depth_verification_M002'), true);
+ assert.strictEqual(isGateQuestionId('my_layer1_scope_gate_question'), true);
+ // Non-gate question IDs
+ assert.strictEqual(isGateQuestionId('project_intent'), false);
+ assert.strictEqual(isGateQuestionId('feature_priority'), false);
+ assert.strictEqual(isGateQuestionId(''), false);
+});
+
+// ─── Scenario 20: setPendingGate / getPendingGate / clearPendingGate lifecycle ──
+
+test('write-gate: pending gate lifecycle (set, get, clear)', () => {
+ clearDiscussionFlowState();
+ assert.strictEqual(getPendingGate(), null, 'starts null');
+
+ setPendingGate('layer1_scope_gate');
+ assert.strictEqual(getPendingGate(), 'layer1_scope_gate', 'set correctly');
+
+ clearPendingGate();
+ assert.strictEqual(getPendingGate(), null, 'cleared correctly');
+
+ // clearDiscussionFlowState also clears pending gate
+ setPendingGate('layer2_architecture_gate');
+ clearDiscussionFlowState();
+ assert.strictEqual(getPendingGate(), null, 'clearDiscussionFlowState clears pending gate');
+});
+
+// ─── Scenario 21: shouldBlockPendingGate blocks non-safe tools when gate is pending ──
+
+test('write-gate: shouldBlockPendingGate blocks write/edit during pending gate', () => {
+ clearDiscussionFlowState();
+ setPendingGate('layer1_scope_gate');
+
+ // write should be blocked during discussion
+ const writeResult = shouldBlockPendingGate('write', 'M001', false);
+ assert.strictEqual(writeResult.block, true, 'write should be blocked');
+ assert.ok(writeResult.reason!.includes('layer1_scope_gate'), 'reason mentions the gate');
+
+ // edit should be blocked
+ const editResult = shouldBlockPendingGate('edit', 'M001', false);
+ assert.strictEqual(editResult.block, true, 'edit should be blocked');
+
+ // gsd tools should be blocked
+ const gsdResult = shouldBlockPendingGate('gsd_plan_milestone', 'M001', false);
+ assert.strictEqual(gsdResult.block, true, 'gsd tools should be blocked');
+
+ clearDiscussionFlowState();
+});
+
+// ─── Scenario 22: shouldBlockPendingGate allows safe tools when gate is pending ──
+
+test('write-gate: shouldBlockPendingGate allows read-only and ask_user_questions during pending gate', () => {
+ clearDiscussionFlowState();
+ setPendingGate('layer1_scope_gate');
+
+ // ask_user_questions is always safe (model needs to re-ask)
+ assert.strictEqual(shouldBlockPendingGate('ask_user_questions', 'M001').block, false);
+ // read-only tools are safe
+ assert.strictEqual(shouldBlockPendingGate('read', 'M001').block, false);
+ assert.strictEqual(shouldBlockPendingGate('grep', 'M001').block, false);
+ assert.strictEqual(shouldBlockPendingGate('glob', 'M001').block, false);
+ assert.strictEqual(shouldBlockPendingGate('ls', 'M001').block, false);
+
+ clearDiscussionFlowState();
+});
+
+// ─── Scenario 23: shouldBlockPendingGate does not block outside discussion ──
+
+test('write-gate: shouldBlockPendingGate does not block outside discussion', () => {
+ clearDiscussionFlowState();
+ setPendingGate('layer1_scope_gate');
+
+ // No milestoneId and no queue phase — not in discussion
+ const result = shouldBlockPendingGate('write', null, false);
+ assert.strictEqual(result.block, false, 'should not block outside discussion');
+
+ clearDiscussionFlowState();
+});
+
+// ─── Scenario 24: shouldBlockPendingGate blocks in queue mode ──
+
+test('write-gate: shouldBlockPendingGate blocks in queue mode when gate is pending', () => {
+ clearDiscussionFlowState();
+ setQueuePhaseActive(true);
+ setPendingGate('depth_verification');
+
+ const result = shouldBlockPendingGate('write', null, true);
+ assert.strictEqual(result.block, true, 'should block in queue mode');
+
+ clearDiscussionFlowState();
+});
+
+// ─── Scenario 25: shouldBlockPendingGateBash allows read-only commands ──
+
+test('write-gate: shouldBlockPendingGateBash allows read-only commands during pending gate', () => {
+ clearDiscussionFlowState();
+ setPendingGate('layer2_architecture_gate');
+
+ assert.strictEqual(shouldBlockPendingGateBash('cat file.txt', 'M001').block, false);
+ assert.strictEqual(shouldBlockPendingGateBash('git log --oneline', 'M001').block, false);
+ assert.strictEqual(shouldBlockPendingGateBash('grep -r pattern .', 'M001').block, false);
+ assert.strictEqual(shouldBlockPendingGateBash('ls -la', 'M001').block, false);
+
+ clearDiscussionFlowState();
+});
+
+// ─── Scenario 26: shouldBlockPendingGateBash blocks mutating commands ──
+
+test('write-gate: shouldBlockPendingGateBash blocks mutating commands during pending gate', () => {
+ clearDiscussionFlowState();
+ setPendingGate('layer2_architecture_gate');
+
+ const result = shouldBlockPendingGateBash('npm run build', 'M001');
+ assert.strictEqual(result.block, true, 'mutating bash should be blocked');
+ assert.ok(result.reason!.includes('layer2_architecture_gate'));
+
+ clearDiscussionFlowState();
+});
+
+// ─── Scenario 27: no pending gate means no blocking ──
+
+test('write-gate: no pending gate means no blocking', () => {
+ clearDiscussionFlowState();
+
+ assert.strictEqual(shouldBlockPendingGate('write', 'M001').block, false);
+ assert.strictEqual(shouldBlockPendingGateBash('npm run build', 'M001').block, false);
+});
+
+// ─── Scenario 28: resetWriteGateState clears pending gate ──
+
+test('write-gate: resetWriteGateState clears pending gate', () => {
+ setPendingGate('layer3_error_gate');
+ resetWriteGateState();
+ assert.strictEqual(getPendingGate(), null);
+});
+
 // ─── Standard options fixture used across depth confirmation tests ──
 const STANDARD_OPTIONS = [
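Review bot: Scenarios 25 and 26 exercise `shouldBlockPendingGateBash` only with single simple commands, so nothing pins how the gate treats a command line that starts with an accepted read-only command and then redirects output or chains a second command. Because this check is what keeps the shell closed while a gate is pending, a negative test for those shapes belongs next to Scenario 26. The implementation is not visible in this hunk, so the cases below may already pass or may expose a gap in the read-only classification.

```typescript
test('write-gate: shouldBlockPendingGateBash blocks compound commands during pending gate', () => {
  clearDiscussionFlowState();
  setPendingGate('layer2_architecture_gate');

  // Each entry begins with a command Scenario 25 accepts on its own.
  const compoundCommands = [
    'cat file.txt > copy.txt',
    'ls -la && npm run build',
    'git log --oneline; npm run build',
  ];
  for (const command of compoundCommands) {
    assert.strictEqual(shouldBlockPendingGateBash(command, 'M001').block, true, command);
  }

  clearDiscussionFlowState();
});
```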