Server errors (500/502/503/504) are server-side failures — rotating
credentials doesn't help. Only rate_limit and quota_exhausted are
meaningfully credential-scoped. This prevents the cascading backoff
where a single 500 backs off the sole API key for 20s, causing all
subsequent retries to fail with "All credentials temporarily backed off".
Closes#2588
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
SessionLockData no longer has a completedUnits field. Use sessionFile
(an actual optional field) for the same assertion coverage.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
onCompromised was declaring lock lost when the lock file was temporarily
unreadable (NFS/CIFS latency, macOS APFS snapshot, or concurrent process
briefly holding the file). Add readExistingLockDataWithRetry (3 attempts,
200ms delay) so transient filesystem hiccups do not trigger false-positive
compromise events.
Fixes#2324
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When running GSD from a subdirectory (e.g. `cd src/ && gsd`),
ensureGsdSymlink would create a new `.gsd` symlink in the subdirectory
even though a valid `.gsd` already exists at the git root. On macOS
APFS this triggers the `.gsd 2` collision variant problem from #2205.
Add an early guard that detects when projectPath is a plain subdirectory
(not a worktree) of a git repo that already has `.gsd` at its root, and
returns the existing root .gsd target instead of creating a duplicate.
Fixes#2380
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
EAGAIN (resource temporarily unavailable) is a resource exhaustion error
that cannot be recovered by retrying, yet it was missing from the infra
error set. This caused auto-mode to keep retrying on EAGAIN failures,
burning LLM budget on guaranteed failures.
Fixes#2359
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Native search: use monotonic high-water mark (Math.max) instead of
overwriting sessionSearchCount from history. Prevents budget reset
when context compaction removes web_search_tool_result blocks.
- Custom search tool: add MAX_SEARCHES_PER_SESSION=15 hard cap across
all queries (not just consecutive duplicates). Returns budget_exhausted
error when limit reached.
- Tighten MAX_CONSECUTIVE_DUPES from 3 to 1 — block on the 2nd identical
search since cached results make repeats pointless.
- Add tests for compaction-safe high-water mark, session budget
enforcement, and budget reset on session_start.
Closes#2583
The hydrateRemoteTokensFromAuth() function used require() to load
AuthStorage from @gsd/pi-coding-agent, but the package is ESM-only
("type": "module" with only an "import" export condition). Node's
require() always throws for ESM packages, and the outer try/catch
silently swallowed the error — making hydration a no-op.
Replace require() with a static ESM import (consistent with every
other extension) and use AuthStorage.create() which resolves the
auth.json path internally via getAgentDir().
Closes#2565
Adds /^[a-z0-9][a-z0-9-]*$/ validation in formatSkillActivationBlock() so that
skill names containing quotes, braces, or other special characters are silently
filtered out before interpolation into the prompt string.
Addresses the prompt injection surface noted by @trek-e in PR review.
Updates the special-character test to verify rejection instead of passthrough.
Address review feedback:
- Update comment to clarify that the function-call-like syntax led
LLMs to infer a positional parameter name (not 'positional-looking')
- Add test documenting current behavior when skill names contain
special characters (quotes, apostrophes)
The skill activation block used positional-looking syntax
`Call Skill('name')` which caused LLMs (especially non-Anthropic
models) to pass `{name: "..."}` instead of the required
`{skill: "..."}` parameter. This triggered tool validation failures
and stuck dispatch loops in auto-mode.
Change the prompt template to `Call Skill({ skill: 'name' })` which
makes the parameter name explicit and matches the Skill tool schema.
Update all 4 affected test assertions to match the new format.
Closes#2224
writeIntegrationBranch already rejects slice branches (SLICE_BRANCH_RE) and
quick-task branches (QUICK_BRANCH_RE), but has no guard for the 8 workflow-
template branches (gsd/hotfix/*, gsd/bugfix/*, gsd/spike/*, etc.). When a
user runs `/gsd start hotfix` during an active milestone, the ephemeral
hotfix branch gets recorded as the integration target and the milestone
later merges to the wrong branch.
Add WORKFLOW_BRANCH_RE (/^gsd\/(?!M\d)[\w-]+\//) that matches all
gsd/<templateId>/<slug> branches while excluding milestone slice branches
(gsd/M001/S01). The negative lookahead ensures milestone branches starting
with 'M' followed by a digit are not affected.
Same root cause as gsd/quick/* (#1293, PR #1342).
Closes#2498
Doctor's DB-backed slice normalization already marks pending slices, but the
legacy roadmap fallback only returned done/not-done. That made future unstarted
slices look active during milestone-scoped doctor runs, producing false
missing_slice_dir errors.
Infer a doctor-local pending state for legacy slices by treating every undone
slice except the current active slice as unstarted. This keeps active-slice
missing directory checks intact while skipping false positives for future
slices, and adds a regression test for the legacy fallback path.
Closes#2518
Tests were checking `git log --oneline` for M001, but the refactor moved
milestone IDs from commit subject scopes to git trailers in the body.
Switch to `git log` (full format) so the trailer content is visible.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds `/gsd auto --yolo <spec-file>` (or `-y`) which reads a spec/PRD/ADR
and creates all milestone artifacts without interactive Q&A gates. Uses
the existing showHeadlessMilestoneCreation path — no changes to
startAuto or bootstrapAutoSession internals.
Rewrites discuss-headless.md to match the full rigor of the interactive
discuss.md prompt: mandatory codebase investigation, focused research
(table stakes, domain standards, omissions), capability contract with
R### traceability, gsd_plan_milestone tool usage, roadmap preview in
chat, multi-milestone manifest tracking, and depth verification audit
trail. The only difference from interactive mode is that all decisions
are made autonomously with assumptions documented.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Remove GSD planning IDs (milestone/slice/task) from conventional commit
subject lines and place them in machine-parseable git trailers instead.
Skip auto-commits for lifecycle-only unit types that only touch .gsd/ files.
Resolvesgsd-build/gsd-2#2553
Co-authored-by: glittercowboy <186001655+glittercowboy@users.noreply.github.com>
Agent-Logs-Url: https://github.com/gsd-build/gsd-2/sessions/250b4775-2d82-4329-9ccc-504b857428da
The verdict gate in auto-dispatch.ts now reads the UAT file to determine
the UAT type. For mixed, human-experience, and live-runtime modes,
PARTIAL is accepted as a valid verdict (all automatable checks passed,
human-only checks documented as NEEDS-HUMAN).
The run-uat prompt is updated so that PASS is the correct verdict when
all automatable checks succeed, even if human-only checks remain. PARTIAL
is reserved for when automatable checks themselves are inconclusive.
Fixesgsd-build/gsd-2#1400
Co-authored-by: glittercowboy <186001655+glittercowboy@users.noreply.github.com>
Agent-Logs-Url: https://github.com/gsd-build/gsd-2/sessions/5a619137-0710-4934-949f-bae63945bf70
scanJournalForForensics() previously called queryJournal() which loaded
ALL journal entries from ALL daily files into memory. For long-running
projects this could be thousands of entries and megabytes of data.
Now:
- Only the last 3 daily files are fully JSON-parsed (event counts, flows)
- Older files are line-counted only (no JSON parsing) for totals
- Recent events use a rolling window of 20 (shift, not accumulate)
- Constants MAX_JOURNAL_RECENT_FILES and MAX_JOURNAL_RECENT_EVENTS
make limits explicit and tunable
Activity log scanning was already intelligent:
- nativeParseJsonlTail with 10MB byte cap
- Only last 5 files scanned
- extractTrace() distills raw JSONL into compact ExecutionTrace structs
- formatReportForPrompt has 30KB hard cap on total output
Co-authored-by: glittercowboy <186001655+glittercowboy@users.noreply.github.com>
Agent-Logs-Url: https://github.com/gsd-build/gsd-2/sessions/7e7f71ec-0d56-409b-930e-5dff1305ff2a
When a custom provider (e.g. claude-code-cli) registers a streamSimple
handler with the same api type as a built-in (e.g. 'anthropic-messages'),
the global API provider registry was overwritten, routing ALL models of
that api type through the custom handler.
This caused anthropic/claude-opus-4-6 requests to be dispatched through
the Claude Code SDK subprocess instead of the Anthropic API, resulting
in 'Tool not found' errors for Glob, Read, Edit, Bash (SDK tool names
not present in pi's tool registry).
Fix: wrap the registered handler with a model.provider guard so it only
fires for models from the registering provider, delegating to the
previous handler for all other providers.
Closes#2536
The insertChildBefore approach doesn't fix tool ordering because the
message component is already live-streaming text when tool_execution
events arrive. Proper fix requires T3 Code-style session-lifetime
architecture. Revert to simple addChild for now.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
extractTrace() indiscriminately counts all isError tool results as
errors, including grep/rg/find returning exit code 1 (no matches)
and user-interrupt skips. This produces false-positive error-trace
anomalies in forensics reports — in a healthy 10-unit run, 3 units
were flagged with 8 spurious 'errors'.
Add two filters before pushing to the errors array:
- Bash commands with '(no output)' + exit code 1 (normal POSIX grep)
- 'Skipped due to queued user message' (intentional user interrupt)
Real errors (non-zero exit with actual error output, non-bash tool
failures) are still counted as before.
Closes#2539
The module-level reservedMilestoneIds Set persists across /gsd
invocations within the same Node process. Each cancelled session
reserves an ID that is never claimed, permanently inflating the
next milestone number. Starting /gsd 3 times without completing
produces M011 instead of M009.
Call clearReservedMilestoneIds() at the top of showSmartEntry()
and showHeadlessMilestoneCreation() so stale reservations from
previous cancelled sessions are discarded before generating new IDs.
The function already existed but was never called outside tests.
Closes#2488
- Add insertChildBefore() to Box component for positional insertion
- In chat controller, insert tool_execution components before the last
assistant message component (instead of appending after) when tools
were executed externally
- Simplify agent-loop externalToolExecution path back to basic
tool_execution_start/end emission
- Toolcall streaming events are filtered in the Claude Code adapter
to prevent duplicate rendering via message_update
Result: externally-executed tool calls render above the text response,
matching the expected visual flow.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The pre-flight milestone queue check in auto-start warns about every
CONTEXT-DRAFT.md it finds, regardless of milestone status. A completed
milestone with a leftover CONTEXT-DRAFT.md triggers a spurious warning
on every session start — noise with no actionable meaning.
Add a status guard that skips completed and parked milestones before
checking for CONTEXT-DRAFT files. When the DB is unavailable, fall back
to the existing warn-on-all behavior (safe default).
Closes#2473
- Filter toolcall_start/delta/end events from streaming to prevent
out-of-order rendering in the TUI's accumulated message content
- Collect tool calls from intermediate SDK turns and include them
BEFORE text content in the final AssistantMessage
- The agent loop's externalToolExecution path emits proper
tool_execution_start/end events for each intermediate tool call
- Result: tool activity renders above the text response, not below
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds `externalToolExecution` flag to AgentLoopConfig. When true, the
agent loop emits tool_execution_start/end events for TUI rendering but
skips local tool dispatch. Used by providers that handle tool execution
internally (e.g., Claude Code CLI via Agent SDK).
The flag is dynamically evaluated per-loop via a callback on
AgentOptions, so model switches mid-session are handled correctly.
Providers with authMode "externalCli" automatically use this mode.
Also updates the Claude Code CLI stream adapter to preserve tool call
blocks in the final message instead of stripping them.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
