Patch SDK setModel() to accept { persist: false } so per-unit model
switching in auto-mode no longer overwrites the user's global default.
Add state rebuild + doctor on resume, guard logging for silent dispatch
failures, and active-state check before prompt injection.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Validate channel IDs via isValidChannelId() before URL interpolation
in setup wizard, preventing SSRF during test-send
- Add 15s fetch timeout to setup API calls (fetchJson, Discord test-send)
- Sanitize Discord error responses before surfacing to user
- Remove dead send.ts + channels.ts (unused parallel implementation)
- Add poll retry tolerance in manager.ts (1 transient error before fail)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
On Linux, Playwright's --with-deps flag runs sudo to install system
packages. npm's spinner hides the password prompt, making the install
appear to hang. Now installs without --with-deps and directs Linux
users to run it manually if browser tools fail.
Closes#67
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ensureSliceBranch() now auto-commits dirty files before git checkout,
preventing "would be overwritten" errors when doctor/STATE.md rebuild
leaves uncommitted changes between slice dispatches. (closes#63)
On startup, migrate any .jsonl session files from the flat
~/.gsd/sessions/ directory into the per-cwd subdirectory so /resume
can find sessions created before per-directory scoping was added.
(closes#64)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Apple's on-device speech recognition resets bestTranscription after
silence gaps, discarding previous text. The Swift recognizer now
detects these resets (word count drop / different starting word) and
accumulates finalized segments so speech continues appending instead
of overwriting. TS side simplified to pass through the already-
accumulated text from the Swift process.
Provides a `google_search` tool as an alternative to Brave-based web
search for users with Google Cloud / Gemini API credits. Sends queries
to Gemini 3 Flash with `googleSearch: {}` grounding enabled, returning
an AI-synthesized answer with source URLs from grounding metadata.
Features:
- In-session caching (keyed by normalized query)
- Defensive truncation via truncateHead
- Classified error handling (auth, rate-limit, general)
- Custom TUI rendering for call/result display
- Session start warning if GEMINI_API_KEY is missing
CHANGELOG.md covers v0.1.6 through v0.3.3 with curated entries.
Publish command uses manual npm publish instead of GitHub Action.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- macOS-only (SFSpeechRecognizer), no-op on other platforms
- /voice command and Ctrl+Alt+V shortcut to toggle
- Streams partial transcription results directly into editor input
- Custom footer with flashing red dot + 'transcribing' indicator on row 1
- Enter to stop and keep text, Esc to cancel
- Ships precompiled Swift binary (60KB)
Run doctor (fix mode) and rebuild STATE.md after each unit completes
in handleAgentEnd. Catches missed checkboxes and stub summaries the
LLM may have skipped, and keeps STATE.md in sync with disk state.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- /gsd next: same state machine as /gsd auto but pauses between units
with a wizard showing what completed and what's next
- /gsd (bare): now defaults to step mode instead of the old guided flow
- /gsd auto: unchanged — continuous execution without pausing
- Deleted /gsd-run slash command (redundant with /gsd auto)
- Step mode preserves through discuss → auto-start transition
- User can switch from step → auto mid-session via wizard option
- Progress widget shows NEXT/AUTO based on current mode
The idle watchdog checked lastProgressAt to detect stalled agents, but
nothing updated that timestamp during normal execution. Any task taking
>10min triggered false idle recovery, steering messages, and eventually
got skipped — even while actively writing code.
Add detectWorkingTreeActivity() check before recovery: if git reports
uncommitted changes, the agent is working. Bump lastProgressAt and
skip recovery. Genuinely idle agents (clean working tree) still get
recovered as before.
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Merge improvements:
- Auto-detect current worktree: /worktree merge (bare) and /worktree merge main
work from inside a worktree without specifying the worktree name
- Full repo diffs: preview and LLM prompt show all changed files, not just .gsd/
- Accurate preview: direct diff (main vs branch) shows actual merge impact
- Per-file line stats: +N/-N shown for each file in merge preview
- CWD fix: chdir to main tree before dispatching merge to prevent broken CWD
after worktree cleanup
- Prompt includes explicit paths so the LLM knows where to read/write
Create/switch:
- /worktree create <name> works as alias for create-or-switch behavior
- Guard against creating a worktree when the branch is already in use
Remove:
- /worktree remove <name> validates the name exists before attempting removal
- /worktree remove <name> confirms before deleting
- /worktree remove all removes every worktree after confirmation prompt
Reload resilience:
- Detects if CWD is inside a worktree on extension init and restores
originalCwd tracking, surviving /reload without losing worktree state
Command descriptions:
- /worktree shows '(also /wt)' in description
- /wt shows 'Alias for /worktree'
Replace the inline union cast in renderResult with a proper
discriminated union (LocalResultDetails | RemoteResultDetails)
keyed on the `remote` field. Improves type safety and makes
the rendering logic self-documenting.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The catch-all in checkReactions() silently swallowed auth failures
(401/403), making them indistinguishable from "no reaction yet". Now:
- 404: expected (no reactions for this emoji), continue
- 401/403: re-thrown so the poll loop surfaces the auth failure
- Other errors: best-effort skip (rate limits, network)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Error messages from adapter auth/send failures may contain token
fragments. Added sanitizeError() that strips Slack token patterns
(xoxb-, xoxp-, xoxa-) and long opaque secrets (20+ alphanumeric
chars). Also truncates verbose Discord API error responses to 200
chars. Applied to all error paths in manager.ts and discord-adapter.ts.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Individual HTTP calls to Slack/Discord APIs could hang indefinitely
if the network stalls. The overall poll deadline only bounds the loop,
not each request. Now each fetch() gets AbortSignal.timeout(15_000).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Arbitrary-length free-text replies from remote channels were passed
directly into the LLM context. Now truncated to 500 chars with
trailing ellipsis.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Slack IDs must match ^[A-Z0-9]{9,12}$, Discord snowflakes must match
^\d{17,20}$. resolveRemoteConfig() and getRemoteConfigStatus() now
reject malformed IDs before they reach any URL interpolation.
Also fixes pre-existing false-positive in config tests (env overrides
couldn't affect module-level homedir() cache) — replaced with direct
isValidChannelId() unit tests.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The Anthropic API rejects images exceeding 2000px in multi-image requests.
With deviceScaleFactor=2, viewport screenshots were 2560x1600px, triggering
400 errors that halted execution. Add scale:"css" to all API-facing screenshot
calls and a constrainScreenshot() fallback that downscales oversized images
(e.g. fullPage on tall pages) via the browser's canvas — zero new dependencies.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Update buildResourceLoader to include ~/.pi/agent/extensions/ in
additionalExtensionPaths, allowing GSD to discover and use extensions
installed in pi's default location.
This resolves extension loading issues when users have extensions
installed in ~/.pi/agent/extensions/ instead of ~/.gsd/agent/extensions/.
- resource-loader.ts: add piExtensionsDir to additionalExtensionPaths
- app-smoke.test.ts: add test verifying the source includes .pi path
resolveRemoteConfig test used process.env.HOME which is undefined on
Windows (Node uses USERPROFILE). Use a temp directory with both HOME
and USERPROFILE set, and clean up in a finally block.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
getLatestPromptSummary() sorted JSON filenames alphabetically to find
the most recent prompt. Since filenames are UUIDs (random, not temporal),
this returned arbitrary results. Now reads updatedAt from each record
and picks the highest.
Also fixes test isolation on Windows (USERPROFILE) and adds a regression
test that fails with the old alphabetical sort.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Child processes (Git Bash/MSYS2) strip the ENABLE_VIRTUAL_TERMINAL_INPUT
flag from the shared stdin console handle, corrupting terminal input.
Re-enable the flag after every child process exits in bash.js, bg-shell,
and cache FFI handles in pi-tui for cheap repeated calls.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
cli.ts unconditionally entered InteractiveMode, ignoring --mode, -p,
--no-session and other flags the subagent extension passes to child
processes. The child would wait for TTY input that never arrives
(stdin is "ignore"), causing the parent to hang forever on "working".
Parse CLI args to detect print/subagent mode and route to runPrintMode()
with proper session, model, extension, and system prompt handling.
Closes#45
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
