Delete the Anthropic OAuth module, remove it from the built-in provider
registry, strip the OAuth client branch from the Anthropic streaming
provider, and replace the daemon orchestrator's token refresh with a
simple ANTHROPIC_API_KEY requirement.
Anthropic access is now API key or local Claude Code CLI only.
Closes#3952
When running inside a cmux terminal, GSD now automatically enables cmux
in project preferences instead of showing a manual enable prompt. Users
who explicitly disabled cmux (enabled: false) are still respected.
Closesgsd-build/gsd-2#3947
Change /^[a-z]+:/i to /^[a-z]{2,}:/i in getWriteGateModuleCandidates()
and getWorkflowExecutorModuleCandidates() so single-letter drive prefixes
(C:, D:) are not rejected as URL schemes. All IANA-registered schemes are
2+ characters, so this is a safe narrowing.
Adds regression tests for the regex fix.
Fixes#3942
.agents/, .bg-shell/, .idea/, venv/, target/, .cache/, and tmp/ were
missing from DEFAULT_EXCLUDES. This caused /gsd-new-project to scan
skill and agent definition files as project code, confusing researcher
agents during project initialization.
Aligns the exclude list with the gitignore patterns in gitignore.ts.
Addresses Codex adversarial review findings — the ADR-005 registries
and filters were built but not connected to the actual model selection
and provider adapter paths.
Fix 1+2: Tool filtering applied after model selection
- selectAndApplyModel() now calls adjustToolSet() after pi.setModel()
- Incompatible tools are removed via pi.setActiveTools()
- adjust_tool_set hook fires to allow extension overrides
- Verbose output reports filtered tools with provider context
Fix 3: ProviderSwitchReport wired through all 6 provider adapters
- New transformMessagesWithReport() convenience wrapper creates report,
passes it to transformMessages(), and logs non-empty reports to stderr
when GSD_VERBOSE=1 or PI_VERBOSE=1
- All adapters updated: anthropic, google, openai-responses,
openai-completions, mistral, bedrock
Close three remaining gaps from ADR-004:
1. Add modelOverrides to GSDPreferences type — removes unsafe type cast
in auto-model-selection.ts, enables TypeScript validation for user
capability override config.
2. Add profile completeness lint test — two tests in capability-router
that fail if MODEL_CAPABILITY_TIER and MODEL_CAPABILITY_PROFILES
drift out of sync (catches stale profiles on new model additions).
3. Add capability profiles for all 24 missing tier-mapped models — goes
from 9 to 33 profiles, organized by provider. Values reflect each
model family's known strengths (o-series high reasoning, nano/spark
high speed, codex variants high coding).
Closes#2659
- Add Architectural Decisions, Error Handling Strategy, Testing
Requirements, and Acceptance Criteria sections to context.md so
discussion investigation output persists for downstream phases
- Remove layer1-4 gate patterns from write-gate.ts (only depth_verification
remains — the 4-layer gates were only in the deleted discuss-prepared.md)
- Update write-gate tests to use depth_verification fixtures
Follows up on #3934
The discuss-prepared.md template (PR #3602) broke new project init by
presenting codebase analysis as scope recommendations before asking
the user what they want to build. On fresh projects it would invent
project scope from existing files instead of asking "What's the vision?"
- Delete discuss-prepared.md, context-enhanced.md, prompt-validation.ts
- Rewrite prepareAndBuildDiscussPrompt() to inject preparation briefs
as supplementary context into the standard discuss.md template
- Add {{preparationContext}} placeholder to discuss.md
- Delete 5 test files that only tested removed code
- Keep preparation.ts engine intact — codebase analysis is useful
background context, just shouldn't drive scope
Fixes#3934
The docs reorg moved FILE-SYSTEM-MAP.md from docs/ to docs/dev/ but
pr-risk-check.mjs was not updated, causing the PR Risk Report CI job
to fail on every PR.
Verifies auto.ts does not use a relative import reaching above
extensions/ for resource-loader (breaks on deployment to ~/.gsd/).
Guards against regression of the fix for #3899.
The relative import `../../../resource-loader.js` in auto.ts works from
the source tree (src/resources/extensions/gsd/ → src/resource-loader.js)
but breaks when extensions are deployed to ~/.gsd/agent/extensions/gsd/
(resolves to ~/.gsd/resource-loader.js which doesn't exist).
Use createRequire to resolve the gsd-pi package root and import
dist/resource-loader.js from there, which works in both source and
deployed contexts.
Regression introduced in #3899 (9ed543f1c8).
Split flat docs/ into user-docs/ (guides, config, troubleshooting) and
dev/ (ADRs, architecture, extension guides, proposals). Updated
docs/README.md index to reflect new paths.
Verifies the flag returns true after openDatabase() is called and
persists after closeDatabase(), ensuring the "not yet initialized"
vs "genuinely unavailable" distinction works correctly.
deriveState() is called during before_agent_start context injection,
before any tool invocation has had a chance to open the DB. Previously,
isDbAvailable() returning false in this path triggered a misleading
"DB unavailable — using filesystem state derivation (degraded mode)"
warning, even though the DB was simply not yet initialized (not failed).
Add a _dbOpenAttempted flag in gsd-db.ts that tracks whether
openDatabase() has been called at least once. The degraded-mode warning
now only fires when the DB was actually attempted and failed to open,
not when it hasn't been initialized yet.
Supersedes #3922.
