- Native search: use monotonic high-water mark (Math.max) instead of
overwriting sessionSearchCount from history. Prevents budget reset
when context compaction removes web_search_tool_result blocks.
- Custom search tool: add MAX_SEARCHES_PER_SESSION=15 hard cap across
all queries (not just consecutive duplicates). Returns budget_exhausted
error when limit reached.
- Tighten MAX_CONSECUTIVE_DUPES from 3 to 1 — block on the 2nd identical
search since cached results make repeats pointless.
- Add tests for compaction-safe high-water mark, session budget
enforcement, and budget reset on session_start.
Closes#2583
- Add journalSummary to ForensicReport: flow count, event type
distribution, recent events timeline, date range
- Add activityLogMeta to ForensicReport: file count, total size,
oldest/newest files
- Add journal-based anomaly detectors: stuck-detected, guard-block,
rapid-iterations, worktree-failure events
- Update formatReportForPrompt and saveForensicReport to include
journal timeline and activity log metadata
- Update forensics prompt template with journal format docs,
investigation guidance for cross-referencing activity+journal
- Update web types (diagnostics-types.ts) and forensics-service.ts
for new fields
- Add forensics-journal.test.ts with 11 contract tests
Co-authored-by: glittercowboy <186001655+glittercowboy@users.noreply.github.com>
Agent-Logs-Url: https://github.com/gsd-build/gsd-2/sessions/d648480a-42f4-4c41-81c7-85038609c717
* feat(web): make web UI mobile responsive
Fixes#2274
Add mobile-first responsive design to the GSD web UI:
- Viewport meta tag via Next.js Viewport export
- Collapsible sidebar as slide-out drawer on mobile with hamburger menu
- Milestone explorer as right-side drawer on mobile with bottom bar toggle
- Responsive header: hide project label, scope badge, beta badge on small screens
- Dashboard: responsive grid (1col mobile -> 2col sm -> 4col xl), responsive padding
- Status bar: hide secondary info on small screens, responsive text sizing
- Touch-friendly 44px minimum tap targets on mobile nav items
- Mobile CSS utilities in globals.css (overlay, drawer transitions)
- 19 structural tests verifying responsive classes exist in key components
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* ci: retrigger after stale check
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* feat: complete offline mode support for local-only model setups
- Add isLocalModel() to detect localhost/127.0.0.1/0.0.0.0/::1/unix sockets
- Add isAllLocalChain() to verify all registry models are local
- Validate --offline flag rejects remote models with clear error
- Auto-enable PI_OFFLINE when all configured models are local
- Return dummy API key for local models to skip auth validation
- Filter web search results in offline mode (chat-controller + tool-execution)
- Add ECONNREFUSED/ENOTFOUND/ENETUNREACH to INFRA_ERROR_CODES for immediate
failure (no retry) when network is intentionally unavailable
- Add comprehensive test suite (17 tests)
Fixes#2341
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(test): update infra-error test for new offline-mode error codes
The offline mode feature added ECONNREFUSED, ENOTFOUND, and ENETUNREACH
to INFRA_ERROR_CODES but the test still asserted size === 6. Update the
count to 9 and add detection tests for the three new codes.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The DB-backed planning migration (#2280) moved 6 core modules to DB-primary
queries but left no fallback when DB is unavailable, breaking 19 tests in CI.
Source fixes: add file-based fallbacks in auto-direct-dispatch, auto-prompts,
auto-worktree, dispatch-guard, reactive-graph, visualizer-data, workspace-index,
and skill-health. Windows fixes: CRLF normalization, EPERM retry on rmSync,
path normalization. Enable --experimental-test-isolation=process to prevent
cross-test DB state leakage.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Ship a Dockerfile.sandbox, docker-compose.yml, .env.example, and docs so
users can run GSD auto mode inside an isolated Docker sandbox (MicroVM)
without risk to the host filesystem, SSH keys, or other projects.
- Dockerfile.sandbox: Node 22 base, gsd-pi pre-installed, non-root user, port 3000
- docker-compose.yml: workspace volume mount, persistent .gsd state, env_file support
- .env.example: template for LLM provider keys and optional tool credentials
- docker/README.md: setup guide covering sandbox CLI, Compose, two-terminal workflow,
credential injection, and network allowlisting
- .dockerignore: project-root ignore file for efficient Docker builds
- src/tests/docker-template.test.ts: 13 structural tests verifying all template files
Fixes#1544
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Node v24 unconditionally refuses .ts files under node_modules/ — even
with --experimental-transform-types. When GSD is installed globally via
npm, every web service subprocess that loads a .ts extension module
crashes with ERR_UNSUPPORTED_NODE_MODULES_TYPE_STRIPPING.
Add resolveSubprocessModule() and buildSubprocessPrefixArgs() to
ts-subprocess-flags.ts. When packageRoot is under node_modules/ and the
compiled dist/*.js file exists, subprocess calls use the compiled JS
directly without TS flags or the resolve-ts.mjs loader.
Updated all 14 web service files: auto-dashboard, bridge, captures,
cleanup, doctor, export, forensics, history, hooks, recovery-diagnostics,
settings, skill-health, undo, and visualizer.
Fixes#2279
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds a visible control to change the devRoot directory from both the
project selection gate and the slide-out projects panel, so users no
longer need to hand-edit ~/.gsd/web-preferences.json.
- New /api/switch-root POST endpoint: validates path (exists, is dir),
persists to web-preferences.json (clearing lastActiveProject), and
returns discovered projects under the new root
- ProjectSelectionGate: shows current devRoot with "Change" link above
the project list; also shows "Change project root" link when no
projects are found under the current root
- ProjectsPanel: shows "Change" link next to the devRoot path in the
slide-out header
- Both views use the existing FolderPickerDialog for directory browsing
- 17 tests covering path validation, preference persistence, tilde
expansion, and end-to-end switch scenarios
Fixes#2264
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Skip jiti JIT compilation for bundled extensions that have pre-compiled .js
siblings, enable V8 bytecode caching on Node 22+, and batch directory
discovery to reduce syscalls during resource loading.
Fixes#2108
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Fixes#1936
The /api/boot endpoint relies on bridge-service.ts importing readdirSync
from node:fs to list session files. Without this import, listProjectSessions
throws ReferenceError and the route returns HTTP 500 on every request.
Add two guard tests:
- Source-level check that bridge-service.ts imports readdirSync
- Integration test that exercises the real filesystem session listing
(no listSessions mock) to catch the 500 at runtime
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Two root causes fixed:
1. Route handlers gained requireProjectCwd(request) guards after the
contract tests were written. Test requests lacked a ?project= query
param, causing routes to short-circuit or throw NoProjectError.
2. resolveCredentialSource's third fallback (authStorage.hasAuth) called
the module-level getEnvApiKey import directly, bypassing the
test-injectable getEnvApiKeyFn override. Real env vars like
OPENROUTER_API_KEY leaked into tests expecting no auth.
Changes:
- Add projectRequest() helper to attach ?project= to all test route calls
- Add noEnvApiKey() stub and scoped getEnvApiKey overrides to isolate
tests from real environment variables
- Replace authStorage.hasAuth() with
authStorage.getCredentialsForProvider().length in resolveCredentialSource
to prevent env-check duplication (env is already checked via the
overridable getEnvApiKeyFn on the preceding line)
When `gsd --web` exits uncleanly (terminal closed, crash), the spawned
server process survives as an orphan bound to port 3000. On re-launch,
the new server gets EADDRINUSE and the 3-minute boot-ready poll hangs.
Add `cleanupStaleInstance()` that checks the instance registry for a
previous entry matching the same cwd and kills its process before
reserving a port. This makes re-launches succeed immediately instead
of timing out after 180 seconds.
Fixes#1934
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Stop force-syncing bundled skills to ~/.gsd/agent/skills/ on every launch.
Instead, use ~/.agents/skills/ (the industry-standard skills.sh directory)
as the primary global skills location, and .agents/skills/ for project-local
skills.
Changes:
- loadSkills() now scans ~/.agents/skills/ (global) and .agents/skills/ (project)
instead of ~/.gsd/agent/skills/ and .gsd/skills/
- initResources() no longer syncs src/resources/skills/ → ~/.gsd/agent/skills/
- skill-discovery, skill-telemetry, skill-health, preferences-skills all updated
to use the ecosystem directory
- New skill-catalog.ts: curated skill packs mapped to tech stacks, with
brownfield auto-detection and greenfield tech stack selection
- Init wizard gains a skill installation step that presents relevant packs
and installs via `npx skills add`
- Export ECOSYSTEM_SKILLS_DIR and ECOSYSTEM_PROJECT_SKILLS_DIR from pi-coding-agent
Fixes#2004
* test: add assertion messages to fix Assertion Roulette in GSD tests
Add descriptive messages to multi-assertion tests where a bare failure
output ("expected true, got false") wouldn't identify which assertion
broke. Affected tests: auto-secrets-gate, search-tavily, search-provider-
command, tavily-helpers.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* test: fix Eager Test smell in captures and worktree-manager tests
- Split captures: loadPendingCaptures test — extracted loadAllCaptures
assertion into its own focused test
- Refactor worktree-manager: replace monolithic main() script with 11
isolated test() calls, each with its own repo setup via helpers
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* test: add assertion messages to remaining test files
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* test: fix contract test gate, dynamic roots, and shared fetch helpers
- Fix reject-notice sub-test gated on outcome.kind (actual) instead of
expectedKind (map value) in web-command-parity-contract.test.ts
- Restore dynamic loop over registered non-gsd passthrough roots with
an explicit count assertion so new registrations fail loudly
- Extract normalizeHeaders/parseJsonBody to src/tests/fetch-test-helpers.ts
and import in both search-tavily and llm-context-tavily tests
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
The standalone Next.js bundle bakes import.meta.url at build time with
the Linux CI runner's absolute path. On Windows, fileURLToPath() rejects
the Unix file:// URL at module load time, crashing all API routes with
ERR_INVALID_FILE_URL_PATH before GSD_WEB_PACKAGE_ROOT can be checked.
Replace the eager top-level const with a lazy getter that:
1. Defers evaluation until GSD_WEB_PACKAGE_ROOT is actually absent
2. Catches the cross-platform fileURLToPath failure gracefully
3. Falls back to process.cwd() when the baked-in URL is invalid
4. Caches the result so the computation only runs once
Add regression tests verifying:
- GSD_WEB_PACKAGE_ROOT is used when set
- Lazy fallback returns a valid absolute path without throwing
- Memoization is stable across calls
- Module loads without crash (the original failure mode)
Closesgsd-build/gsd-2#1881
Next.js 16 auto-detects web/proxy.ts as middleware, gating all /api/*
routes behind bearer token validation. The token was only cached in
memory (lost on page refresh) and extracted from the URL hash fragment
(cleared after first extraction). This caused 401 errors on page
refresh and broke the sendBeacon shutdown call which cannot set
custom headers.
Changes:
- Persist the auth token to sessionStorage after extracting from the
URL fragment so it survives page refreshes within the same tab
- Fall back to sessionStorage when the URL hash is absent (refresh,
bookmark without hash)
- Pass the auth token as a _token query parameter in the sendBeacon
shutdown call since sendBeacon cannot set Authorization headers
- Add regression tests for token persistence, sessionStorage fallback,
and sendBeacon authentication
Fixes#1851
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Several test files used assert.ok(Array.isArray(x)) or assert.ok(result)
patterns that verify structure/existence without checking actual values.
These pass even when the code returns wrong data.
- web-diagnostics-contract: Array.isArray() checks → deepEqual([], [])
for fields constructed as empty; DoctorFixResult uses deepEqual(["fix1"])
instead of Array.isArray + length; InstanceType<typeof GSDWorkspaceStore>
for type assertions from dynamic import
- skill-lifecycle: computeStaleAvoidList → deepEqual(result, []) since
nonexistent path must return empty
- blob-store: remove redundant assert.ok(retrieved) before deepEqual
- discovery-cache: assert.ok(entry) existence check → verify models[0].id
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Node v24 forbids --experimental-strip-types for files under node_modules/.
When GSD is globally installed, all src/ files live under node_modules/gsd-pi/,
causing every subprocess worker to crash with ERR_UNSUPPORTED_NODE_MODULES_TYPE_STRIPPING.
Bug 1: Extract resolveTypeStrippingFlag() into src/web/ts-subprocess-flags.ts.
When the package root is under node_modules/ and Node >= 22.7, the function
returns --experimental-transform-types (which handles node_modules paths).
All 15 service files and cli-entry.ts now call this function instead of
hardcoding --experimental-strip-types.
Bug 2: waitForBootReady() now tracks consecutive 5xx responses and aborts
after 3 in a row, including the response body in the error message.
Connection-level errors (transient during cold start) reset the counter.
Bug 3: The /api/boot route handler now wraps collectBootPayload() in
try/catch and returns { error: message } with status 500, matching the
error response pattern used by other API routes.
Fixes#1849
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Wire CLI flags through parseCliArgs → runWebCliBranch → launchWebMode
so users can bind to a custom host/port and whitelist CORS origins for
LAN/Tailscale access.
- Add webHost, webPort, webAllowedOrigins to CliFlags
- Parse --host, --port (validated 1-65535), --allowed-origins (csv)
- Forward into launchWebMode options
- Set GSD_WEB_ALLOWED_ORIGINS in subprocess env when provided
- Add allowedOrigins to WebModeLaunchOptions
Usage: gsd --web --host 0.0.0.0 --port 8080 --allowed-origins http://192.168.1.10:8080Closes#1847
* chore(M003/S01): auto-commit after plan-slice
* chore(M003/S01/T02): auto-commit after execute-task
* chore(M003/S01/T03): auto-commit after execute-task
* docs: queue M004 — web mode documentation and CI/CD integration
* chore(M003/S01/T04): auto-commit after execute-task
* chore(M003/S01): auto-commit after complete-slice
* chore(M003/S01): auto-commit after reassess-roadmap
* chore: production polish — real logo, remove scaffold remnants
- Replace placeholder 'G' box in header with real GSD logo icon SVG (currentColor, theme-aware)
- Delete 5 dead placeholder files (placeholder-logo.svg/png, placeholder-user.jpg, placeholder.jpg, placeholder.svg)
- Remove v0.app generator tag from layout metadata
- Remove unused @vercel/analytics dependency
* chore(M003/S02): auto-commit after research-slice
* chore(Q1): auto-commit after quick-task
* fix: remove duplicate parse cache block causing web mode boot failure
The 'Parse Cache' section in files.ts was duplicated (merge artifact),
causing 'Identifier CACHE_MAX has already been declared' when Node's
--experimental-strip-types loaded the file. This made /api/boot return
500, which caused waitForBootReady to time out and web mode launch to
fail with 'boot-ready:http 500'.
Removed the second (older) duplicate block, keeping the first one which
includes the improved mid-sample cache key.
* docs: add quick task summary and update STATE.md
* fix: replace sidebar icon+text with full logo image
Swap the inline SVG G-mark icon and 'GSD 2' text span in the app shell
header with an <img> referencing /logo-white.svg (the full GSD wordmark).
Removes the redundant text label. Sized at h-4 (16px) to fit the header.
* docs(S02): add slice plan
* chore: update state for S02 execution
* chore(M003/S02/T01): auto-commit after execute-task
* chore(M003/S02/T02): auto-commit after execute-task
* chore(M003/S02/T03): auto-commit after execute-task
* chore(M003/S02): auto-commit after complete-slice
* chore(M003/S02): auto-commit after reassess-roadmap
* chore(M003/S03): auto-commit after research-slice
* docs(S03): add slice plan
* chore(M003/S03/T01): auto-commit after execute-task
* chore(M003/S03/T02): auto-commit after execute-task
* chore(M003/S03/T03): auto-commit after execute-task
* chore(M003/S03): auto-commit after complete-slice
* chore(M003/S03): auto-commit after reassess-roadmap
* chore(M003/S04): auto-commit after research-slice
* docs(S04): add slice plan
* chore(M003/S04/T01): auto-commit after execute-task
* chore(M003/S04/T02): auto-commit after execute-task
* chore(M003/S04/T03): auto-commit after execute-task
* chore(M003/S04): auto-commit after complete-slice
* chore(M003/S04): auto-commit after reassess-roadmap
* chore(M003/S05): auto-commit after research-slice
* docs(S05): add slice plan
* chore(M003/S05/T01): auto-commit after execute-task
* chore(M003/S05/T02): auto-commit after execute-task
* chore(M003/S05): auto-commit after complete-slice
* chore(M003/S05): auto-commit after reassess-roadmap
* chore(M003/S06): auto-commit after research-slice
* docs: queue M005
* docs(S06): add slice plan
* chore(M003/S06/T01): auto-commit after execute-task
* chore(M003/S06/T02): auto-commit after execute-task
* chore(M003/S06): auto-commit after complete-slice
* chore(M003/S06): auto-commit after reassess-roadmap
* chore(M003/S07): auto-commit after research-slice
* docs(S07): add slice plan
* chore: update STATE.md for S07 execution
* chore(M003/S07/T01): auto-commit after execute-task
* chore(M003/S07/T02): auto-commit after execute-task
* chore(M003/S07/T03): auto-commit after execute-task
* chore(M003): record integration branch
* chore(M003/S07/T04): auto-commit after execute-task
* chore(M003/S07): auto-commit after complete-slice
* chore(M003/S07): auto-commit after reassess-roadmap
* chore(M003/S08): auto-commit after research-slice
* docs(S08): add slice plan
* chore(M003/S08/T01): auto-commit after execute-task
* chore(M003/S08/T02): auto-commit after execute-task
* chore(M003/S08): auto-commit after complete-slice
* chore(M003/S08): auto-commit after reassess-roadmap
* chore(M003/S09): auto-commit after research-slice
* docs(S09): add slice plan
* chore(M003/S09/T01): auto-commit after execute-task
* chore(M003/S09/T02): auto-commit after execute-task
* chore(M003/S09): auto-commit after complete-slice
* chore(M003): auto-commit after complete-milestone
* chore(M004): record integration branch
* chore: untrack .gsd/ runtime files from git index
* chore(M004): auto-commit after research-milestone
* feat(M006): multi-project workspace
- Bridge registry replacing singleton (Map<string, BridgeService> keyed by project path)
- resolveProjectCwd(request) for ?project= query param with env-var fallback
- All 26 API routes and 16 services threaded with project context
- Project discovery service scanning one directory level with smart detection
- /api/projects and /api/preferences routes
- ProjectStoreManager with per-project SSE lifecycle isolation
- Projects NavRail tab with kind badges and signal chips
- Onboarding dev root step (position 3, skippable)
- Context-aware launch detection (resolveContextAwareCwd)
- BootProjectInitializer for auto-registering boot project
- 25 new contract tests (8 bridge, 10 discovery, 7 launch)
- 1222 tests pass, both builds green
Squash-merged from milestone/M006 work on gsd/quick branch.
Includes M004 and M005 milestone artifacts.
* feat: add dev root setup in Projects view and Settings panel
- Projects view empty state now has inline dev root input with
suggestion chips instead of just a text message
- Settings gear → Workspace tab shows dev root configuration
- /gsd prefs command surface includes dev root section at top
- PUT /api/preferences now merges with existing prefs (read-modify-write)
instead of overwriting — fixes potential data loss of lastActiveProject
- Fixed pre-existing type issue: sectionLabel/sectionIcon Records use
Partial<Record> to handle gsd-* sections that aren't in the map
* feat: native folder picker for dev root selection
- New /api/browse-directories?path= endpoint returns directory listings
from the server filesystem (directories only, excludes dotfiles/node_modules)
- FolderPickerDialog component with directory browser: navigate folders,
go up to parent, select current folder
- Projects view empty state shows 'Browse for Folder' button opening the picker
- Settings Workspace tab shows current path with 'Change' button opening picker
- Replaces text input approach — no more typing paths manually
* fix: move Projects icon to bottom of NavRail, above Git
Projects is a workspace-level navigation action, not a primary view.
Placing it in the bottom section alongside Git and Settings keeps
the top section focused on content views.
* feat: multi-project-aware exit dialog
When multiple projects are open, the exit button shows two options:
- Close current project (disconnects it, switches to another)
- Stop server (shuts down all projects and closes the tab)
With only one project open, shows the original simple 'Stop server' dialog.
Also adds closeProject(), getProjectCount(), and getActiveProjectPaths()
to ProjectStoreManager.
* feat: intercept browser tab close with confirmation and auto-shutdown
beforeunload triggers the browser's native 'Leave site?' confirmation
dialog when the user tries to close the tab. If they confirm, pagehide
fires sendBeacon to /api/shutdown, cleanly stopping all GSD instances.
* feat: remove session card from dashboard, fix beforeunload
- Removed the session card (model, cost, tokens, elapsed, auto mode,
live tool/streaming indicators) from the dashboard right column
- Dashboard current slice section now takes full width
- Removed beforeunload handler (tab close silently shuts down via
pagehide + sendBeacon instead of showing native browser dialog)
- Updated web-state-surfaces-contract test: removed assertion for
activeToolExecution/streamingAssistantText in dashboard
- 1220/1221 tests pass (1 flaky context-store unrelated to changes)
* feat: show loading dialog when switching to a new project
When clicking a project that doesn't have a bridge instance yet,
a shadcn Dialog with a spinner and 'Opening [project]' message
appears instead of navigating to the dashboard with skeleton cards.
The dialog waits for the store's bootStatus to become 'ready' or
'error' (or 30s timeout) before navigating to the dashboard.
Clicking the already-active project navigates directly.
* feat: restore theme toggle and light/dark CSS from M005
M005's theme work was lost during the M006 squash merge (different
branch base). This restores:
- ThemeProvider in layout.tsx with class-based theming and FOIT prevention
- NavRail theme toggle cycling system → light → dark (Monitor/Sun/Moon icons)
- Light-mode :root CSS variables (monochrome oklch, inverted lightness)
- Dark .dark section with custom tokens (--success, --warning, --info,
--terminal, --terminal-foreground, --code-line-number)
- suppressHydrationWarning on <html> for next-themes compatibility
* fix: switch logo between black/white variants based on theme
Uses paired dark:/hidden Tailwind classes — zero JS cost, no flash.
* chore: untrack .gsd/ runtime files from git index
* chore(Q2): auto-commit after quick-task
* feat(web): resizable milestone sidebar + rename tab title to GSD
- Add drag-to-resize handle on left edge of milestone sidebar
(col-resize, 180-480px range, same pattern as terminal resize)
- Change document.title suffix from 'GSD 2' to 'GSD'
- Remove border-l from MilestoneExplorer (drag handle provides separation)
* docs: quick task 2 summary and state update
* feat: spawn GSD instance in right-side terminal, rename browser tab to GSD
- Add command option to PTY manager to spawn pi instead of default shell
- Thread command param through terminal API routes and ShellTerminal component
- DualTerminal right pane now launches a separate pi (GSD) instance
- Update header label to 'Right: Interactive GSD'
- Set browser tab title to 'GSD' instead of project folder name
* fix: use distinct default session ID for GSD terminal to avoid reusing stale zsh session
* fix: make shell terminal respect light/dark theme
- Add light xterm theme alongside existing dark theme
- Detect theme via next-themes useTheme and pass isDark to terminal instances
- Dynamically update xterm theme when user switches themes
- Replace all hardcoded dark bg colors (#0a0a0a, #0c0c0c, zinc-*) with
theme-aware classes (bg-terminal, text-muted-foreground, etc.)
* feat: add loading spinner while terminal session initializes
* feat: replace left-side AutoTerminal with real GSD terminal instance
- Remove custom AutoTerminal React component
- Left side now runs a real pi terminal (sessionPrefix=gsd-main)
- Right side uses sessionPrefix=gsd-interactive for isolation
- Add sessionPrefix prop to ShellTerminal for distinct session IDs
- Update header labels: Left: Primary GSD | Right: Interactive GSD
* feat: auto-select STATE.md on files view initial load
* feat: pre-initialize dual terminal PTY sessions on boot
Keep DualTerminal always mounted (hidden when not active) so PTY
sessions spawn as soon as the bridge connects. Terminals are ready
immediately when the user switches to the power view.
* fix: move STATE.md auto-select effect after handleSelectFile declaration
Fixes TDZ ReferenceError — the useEffect was referencing handleSelectFile
before its useCallback declaration.
* chore(M006): record integration branch
* Squashed commit of the following:
commit e3f495a224f53e954798b6f96a59806db43bfdb0
Author: snowdamiz <yurlovandrew@gmail.com>
Date: Tue Mar 17 16:12:50 2026 -0400
chore: auto-commit before milestone merge
commit d9a0193c9c54fafcaff6bc0de7c169936f41b2df
Author: snowdamiz <yurlovandrew@gmail.com>
Date: Tue Mar 17 08:35:53 2026 -0400
chore: auto-commit before milestone merge
commit 010430059ca50c6b773ee4480e42d2c54a1c0b75
Author: snowdamiz <yurlovandrew@gmail.com>
Date: Tue Mar 17 04:57:49 2026 -0400
chore(M006): record integration branch
commit a6f6d0294c90a253585571a5a9615c7f3e41e7ea
Author: snowdamiz <yurlovandrew@gmail.com>
Date: Tue Mar 17 04:57:36 2026 -0400
docs: queue M006 — Multi-project workspace
commit b2dd57423835d132f6d3963abbb2bfc799e64100
Author: snowdamiz <yurlovandrew@gmail.com>
Date: Tue Mar 17 03:43:52 2026 -0400
chore(M005): record integration branch
# Conflicts:
# .gsd/DECISIONS.md
# .gsd/PROJECT.md
# .gsd/REQUIREMENTS.md
# .gsd/milestones/M006/M006-META.json
# src/web/recovery-diagnostics-service.ts
* chore(M006): record integration branch
* feat(M006): Multi-Project Workspace
Completed slices:
- S01: Bridge registry and project-scoped API surface
- S02: Project discovery, Projects view, and store switching
- S03: Onboarding dev root step, context-aware launch, and final assembly
Branch: milestone/M006
* refactor(visualizer): redesign visualizer-view layout and tab structure
* docs(M007): context, requirements, and roadmap
* chore(M007): record integration branch
* docs(M007): rewrite roadmap and all slice plans to new template format
* chore(M007/S01/T01): auto-commit after execute-task
* chore(M007/S01/T02): auto-commit after execute-task
* chore(M007/S01): auto-commit after complete-slice
* chore(M007/S01): auto-commit after reassess-roadmap
* chore(M007/S02/T01): auto-commit after execute-task
* chore(M007/S02/T02): auto-commit after execute-task
* chore(M007/S02/T03): auto-commit after execute-task
* chore(M007/S02): auto-commit after complete-slice
* chore(M007/S02): auto-commit after reassess-roadmap
* chore(M007/S03/T01): auto-commit after execute-task
* chore(M007/S03/T02): auto-commit after execute-task
* chore(M007/S03): auto-commit after complete-slice
* chore(M007/S03): auto-commit after reassess-roadmap
* chore(M007/S04/T01): auto-commit after execute-task
* chore(M007/S04/T02): auto-commit after execute-task
* chore(M007/S04/T03): auto-commit after execute-task
* chore(M007/S04): auto-commit after complete-slice
* chore(M007): auto-commit after complete-milestone
* feat(M007): Chat Mode — Consumer-Grade GSD Interface
Completed slices:
- S01: PTY output parser and chat message model
- S02: Chat Mode view — main pane
- S03: TUI prompt intercept UI
- S04: Action toolbar and right panel lifecycle
Branch: milestone/M007
* feat(chat-mode): move Discuss to input bar
* fix(web): launch browser PTYs with GSD loader
* chore(M005): record integration branch
* feat(M005): Light Theme with System-Aware Toggle
Completed slices:
- S01: Theme foundation and NavRail toggle
- S02: Component color audit and visual verification
Branch: milestone/M005
* chore(M007): record integration branch
* feat(web): chat mode action bar, smart CTA, project-level status bar, centered visualizer tabs
- Chat input bar: top 3 buttons (Discuss, Next, Auto) + overflow menu with all /gsd subcommands grouped by category, tooltips on hover
- Action routing: main-panel commands (next, auto, stop, pause) vs action-panel commands (discuss, status, visualize, etc.)
- Removed Config, Hooks, Migrate, Inspect from action menu
- Smart placeholder CTA: derives contextual button from workspace state (New Milestone, Start Auto, Resume, Plan, etc.)
- Status bar: project-level totals (duration, tokens, cost) from visualizer API instead of session-scoped auto data
- Visualizer: centered tab bar
* docs(M008): context, requirements, and roadmap
* chore(M008): record integration branch
* chore(M008/S01): auto-commit after research-slice
* docs(S01): add slice plan
* chore(M008/S01/T01): auto-commit after execute-task
* chore(M008/S01/T02): auto-commit after execute-task
* chore(M008/S01): auto-commit after complete-slice
* chore(M008/S01): auto-commit after reassess-roadmap
* chore(M008/S02): auto-commit after research-slice
* docs(S02): add slice plan
* chore(M008/S02/T01): auto-commit after execute-task
* chore(M008/S02/T02): auto-commit after execute-task
* chore(M008/S02): auto-commit after complete-slice
* chore(M008/S02): auto-commit after reassess-roadmap
* chore(M008/S03): auto-commit after research-slice
* docs(S03): add slice plan
* chore(M008/S03/T01): auto-commit after execute-task
* chore(M008/S03/T02): auto-commit after execute-task
* chore(M008/S03/T03): auto-commit after execute-task
* chore(M008/S03): auto-commit after complete-slice
* chore(M008/S03): auto-commit after reassess-roadmap
* chore(M008/S04): auto-commit after research-slice
* docs(S04): add slice plan
* chore(M008/S04/T01): auto-commit after execute-task
* chore(M008/S04/T02): auto-commit after execute-task
* chore(M008/S04): auto-commit after complete-slice
* chore(M008/S04): auto-commit after reassess-roadmap
* chore(M008/S05): auto-commit after research-slice
* docs(S05): add slice plan
* chore(M008/S05/T01): auto-commit after execute-task
* chore(M008/S05/T02): auto-commit after execute-task
* chore(M008/S05): auto-commit after complete-slice
* chore(M008): auto-commit after complete-milestone
* feat(M008): Web Polish
Completed slices:
- S01: Projects Page Redesign
- S02: Browser Update UI
- S03: Theme Defaults & Light Mode Color Audit
- S04: Remote Questions Settings
- S05: Progress Bar Dynamics & Terminal Text Size
Branch: milestone/M008
* docs: project plan — 3 milestones (M009 editor, M010 upstream sync, M011 CI/CD+PWA)
* chore(M009): record integration branch
* chore(M009/S01): auto-commit after research-slice
* docs(S01): add slice plan
* chore(M009/S01/T01): auto-commit after execute-task
* chore(M009/S01/T02): auto-commit after execute-task
* chore(M009/S01): auto-commit after complete-slice
* chore(M009/S01): auto-commit after reassess-roadmap
* chore(M009/S02): auto-commit after research-slice
* docs(S02): add slice plan
* state: S02 executing, next T01
* chore(M009/S02/T01): auto-commit after execute-task
* chore(M009/S02/T02): auto-commit after execute-task
* chore: untrack .gsd/ runtime files from git index
* chore(M009/S04): auto-commit after plan-slice
* docs(S04): add slice plan
* feat(S04/T01): Added dual shiki theme loading (dark + light) driven by…
- web/components/gsd/file-content-viewer.tsx
* chore(M010): record integration branch
* chore(M011): record integration branch
* feat(S02/T01): Added dist/web/standalone/{server.js, public/manifest.js…
- scripts/validate-pack.js
* test(S02/T02): Created .github/workflows/web.yml with full web host CI…
- .github/workflows/web.yml
* fix gitignore
* chore: update .gitignore to match upstream, untrack ignored files
- Updated .gitignore to match upstream/main patterns
- Removed 498 tracked files now covered by .gitignore:
- .gsd/ project state (milestones, plans, summaries, db files)
- Stale lock files (bun.lock, root pnpm-lock.yaml, web/pnpm-lock.yaml)
- Preserved upstream-tracked files:
- pkg/dist/core/export-html/ (negation rules)
- packages/*/pnpm-lock.yaml (tracked upstream)
* feat(M011): PWA support — service worker, install prompt, CI workflow
Squash-merge of milestone/M011 branch.
- Serwist service worker integration with Next.js (sw.ts, sw-register.tsx)
- PWA manifest with standalone display mode and app icons
- Install prompt hook and dismissible banner component
- Web host CI workflow (.github/workflows/web.yml)
- Updated web/.gitignore for Serwist build artifacts
- validate-pack.js script addition
* refine .gitignore: track GSD project artifacts, ignore runtime state
* gitignore: restore full .gsd/ exclusion
* docs(M012): context, requirements, and roadmap
* feat(S01/T01): Squash-merged 443 upstream commits (v2.22→v2.31) into fo…
- .gitignore
- src/cli.ts
- src/resource-loader.ts
- src/resources/extensions/get-secrets-from-user.ts
- src/resources/extensions/gsd/workspace-index.ts
- package-lock.json
* chore: squash merge upstream/main (v2.22→v2.31)
Merges 443 upstream commits from v2.22 to v2.31.0. Resolves 12 conflict files. Preserves fork web-mode additions. Switches web build to webpack mode for NodeNext .js extension import compatibility.
* feat(S02/T01): Added a lowercase "beta" pill badge next to the GSD logo…
- web/components/gsd/app-shell.tsx
* feat(S03/T01): Branch FileContentViewer editable mode: non-markdown fil…
- web/components/gsd/file-content-viewer.tsx
* chore(S04/T01): Added image input pipeline for chat mode: drag-and-drop…
- web/lib/image-utils.ts
- web/components/gsd/chat-mode.tsx
- web/lib/pty-chat-parser.ts
- web/lib/gsd-workspace-store.tsx
* feat(S04/T02): Created /api/terminal/upload endpoint and wired drag-dro…
- web/app/api/terminal/upload/route.ts
- web/components/gsd/shell-terminal.tsx
* chore(S05/T01): Replaced left ShellTerminal with bridge-event Terminal…
- web/components/gsd/dual-terminal.tsx
* feat(S06/T01): Created GuidedDialog component wrapping ChatPane in a fu…
- web/components/gsd/guided-dialog.tsx
- web/components/gsd/project-welcome.tsx
* feat(S06/T02): Wired GuidedDialog into Dashboard with nullable state, o…
- web/components/gsd/dashboard.tsx
* merge upstream/main: sync with v2.31.2, resolve conflicts preserving fork web UI changes
- Version bumps: 2.31.0 → 2.31.2 across all packages
- Upstream refactors adopted: createGitService factory, dispatchUnit helper,
STATE_REBUILD_MIN_INTERVAL_MS constant extraction, KNOWN_UNIT_TYPES centralization
- New upstream features merged: environment health checks, progress score,
doctor providers, health widget, auto-reentrancy guard
- Fork-specific code preserved: web CLI branch, TTY check with --web hint,
workspace index risk/depends/demo fields, dist-redirect web/ extensionless imports
- checkExistingEnvKeys moved inline (upstream deleted env-key-utils.ts)
- Fixed 5 pre-existing test failures: edit-mode slash command parity,
gsd:web script assertion, dual-terminal store contract (moved to terminal.tsx)
* ci: consolidate web workflow into main CI pipeline
Moved web host install and build steps into the CI build job.
Removed the separate web.yml workflow.
* fix(tests): configure onboarding service in bridge/live tests for CI
Tests calling sendBridgeInput via the command route now configure
the onboarding service with in-memory auth storage. Without this,
collectOnboardingState() returns locked (no API key in CI env),
causing all command route calls to return HTTP 423.
* fix: CI and Windows portability for web mode tests
- cli.ts: early TTY check now skips when --web flag is set, allowing
headless web mode launches in CI (fixes 5 runtime harness failures)
- auto-dashboard-service.ts: convert --import path to file:// URL via
pathToFileURL() (fixes ERR_UNSUPPORTED_ESM_URL_SCHEME on Windows)
- web-mode-cli.test.ts: use resolve() for registry key lookups so
Windows-normalized paths match (fixes registerInstance/unregisterInstance)
- web-mode-assembled.test.ts: configure onboarding service with
in-memory auth for settings and slash-command tests (fixes 423 in CI)
* fix: Windows portability for all web service subprocess launchers
All 17 `--import` arguments across web service files now use
pathToFileURL().href instead of raw file paths. Node's --import
flag requires URL scheme on Windows (D:\ paths fail with
ERR_UNSUPPORTED_ESM_URL_SCHEME).
Affected services: auto-dashboard, recovery-diagnostics, hooks,
export, cleanup, forensics, history, settings, doctor, skill-health,
undo, visualizer, bridge, captures, cli-entry.
Also fixes:
- web-session-parity-contract: normalize git rev-parse output with
resolve() for Windows backslash consistency
* fix: repair web recovery diagnostics CI failures
* test: align launched-host integration flows with current web UI
* fix(ci): stabilize packaged web onboarding flow
* feat(web): render main-session native TUI in power user mode
* Update web terminal parity and eslint setup
* Fix web lint and typecheck issues
* Normalize Power User terminal headers
* Restore Geist web font loading
* fix(web): update PWA app name and icon assets
* Remove web PWA functionality
* fix(web): scope terminal surfaces to active project
* feat(web): add project creation flow
* refactor(web): centralize workflow actions and simplify dashboard
* test(web): align packaged runtime integration flows
* fix: route dashboard/sidebar CTA commands through session API and handle RPC lock conflicts
Two bugs prevented the dashboard and sidebar workflow action buttons
(New Milestone, Start Auto, Initialize Project, etc.) from working:
1. Frontend: executeWorkflowActionInPowerMode sent commands via raw
fetch to /api/bridge-terminal/input (PTY keystroke injection) instead
of the session command pipeline (/api/session/command). The agent
never received these commands. Refactored to accept a dispatch
callback that callers wire through sendCommand(buildPromptCommand()).
2. Backend: guardRemoteSession in the /gsd extension called
showNextAction() — an interactive TUI prompt — when it detected
another session's lock. In RPC/web bridge mode this blocks forever
since there is no terminal to answer the prompt. Now detects
GSD_WEB_BRIDGE_TUI=1 and emits an actionable warning notification
instead of blocking.
Files changed:
- web/lib/workflow-action-execution.ts (dispatch callback instead of raw fetch)
- web/components/gsd/dashboard.tsx (pass store-backed dispatch)
- web/components/gsd/sidebar.tsx (MilestoneExplorer + CollapsedMilestoneSidebar)
- src/resources/extensions/gsd/commands.ts (RPC-mode guard in guardRemoteSession)
* fix: terminal drag-drop image upload, Shift+Enter newline, and chat mode unified response bubble
Bug 1 - Power Mode drag-drop: Dropping images on either terminal pane
opened the file in a new tab instead of uploading. Fixed by switching
all drag/drop handlers to native DOM capture-phase listeners (React
synthetic events don't reliably fire through xterm's internal DOM).
Both panes now upload images via /api/terminal/upload and inject
@filepath into the terminal input. DualTerminal wrapper prevents
browser default file-navigation as a safety net.
Bug 2 - Chat Mode dual response: During streaming, the assistant
response and thinking indicator rendered as two separate UI blocks.
Fixed by moving thinking content inline into the assistant ChatBubble
via a new InlineThinking component. Removed the standalone
ThinkingIndicator. Thinking text now appears as a collapsible section
above the response text within the same bubble.
Bug 3 - Shift+Enter newline: xterm.js sends \r for both Enter and
Shift+Enter, but pi's TUI editor expects \n (LF) for newline
insertion. Added native DOM capture-phase keydown listeners on both
MainSessionTerminal and ShellTerminal that intercept Shift+Enter,
preventDefault to block xterm, and send \n through the input channel.
* chore: update lockfile and tsbuildinfo
* refactor: remove right-side action panel, route all commands through main bridge
- Remove ActionPanel, StructuredTerminalActionPane, and all PTY screen-scraping
infrastructure (~700 lines deleted: stripTerminalChrome, isScreenChromeLine,
normalizeScreenLine, beautifyParsedScreenContent, parseStructuredTerminalScreen,
SCREEN_* constants, hidden xterm.js terminal buffer)
- All /gsd subcommands now dispatch through the main bridge session via
sendCommand(buildPromptCommand()). No separate PTY instances.
- Add disabledDuringAuto flag to GSDActionDef. Commands that inject competing
LLM prompts are disabled while auto-mode runs:
- discuss: calls dispatchWorkflow -> pi.sendMessage (would conflict with auto)
- triage: injects triage prompt via pi.sendMessage (same conflict)
- All other commands verified safe: stop/pause control auto, steer explicitly
handles auto with HARD STEER message, capture/knowledge/skip are file IO,
status/queue/history/visualize are read-only, mode/prefs/doctor/export/
cleanup/remote are config/maintenance
- Add inline PendingUiRequest rendering in ChatPane: select (single + multi),
confirm, input, and editor requests appear as interactive chat bubbles in the
message flow with native clickable controls and post-submission confirmation
- Wire FocusedPanel in app-shell.tsx as fallback overlay for pendingUiRequests
in non-chat views (dashboard, power mode, files, etc.)
- Remove unused imports: AnimatePresence, motion, buildProjectAbsoluteUrl,
buildProjectPath, HeadlessTerminal type, compact prop
* chore: gitignore tsbuildinfo files
* onboarding overhaul: add mode, project, and remote steps; refactor existing steps
- Add step-mode.tsx for user/dev mode selection
- Add step-project.tsx for project selection/creation
- Add step-remote.tsx for remote repository configuration
- Add use-user-mode.ts hook for mode state management
- Add /api/dev-mode route for dev mode toggle
- Refactor onboarding-gate.tsx flow and step sequencing
- Refactor step-authenticate, step-dev-root, step-optional,
step-provider, step-ready, step-welcome with updated styling
- Update command-surface, app-shell, dashboard integrations
- Update dev-overrides and workflow-action-execution
* overhaul projects view, simplify boot readiness, add requireProjectCwd
- Redesign projects-view with Sheet/Dialog components and improved styling
- Simplify waitForBootReady: remove bridge phase tracking, return on first successful response
- Boot route returns minimal no-project payload when no project is configured
- Rename resolveProjectCwd → requireProjectCwd across all API routes
- Minor UI adjustments in app-shell, sidebar, terminal
* fix: update tests for upstream merge and UI refactor
Unit tests (7 fixes, 2133/2133 pass):
- smart-entry-complete: match upstream's chooser-based complete flow
- web-bridge-contract: add projectDetection to boot snapshot keys
- web-command-parity: await async registerExtension (upstream decomposition)
- web-mode-cli: update gsd:web script expectation (copy-resources added)
- web-state-surfaces: match refactored editorTextBuffer consumption
- web-workflow-action-execution: match new dispatch-based API, stub localStorage
- web-mode.ts: restore GSD_WEB_PROJECT_CWD in spawn env
Integration tests:
- web-mode-onboarding: simplify to API-only contract (locked→reject→retry→unlocked)
without fragile browser UI assertions that depend on refactored wizard flow
* Clean up dashboard header and redesign project selection gate
- Simplify dashboard header: inline scope badge with title, remove
workflow action buttons and status indicators
- Redesign project selection gate: center logo with subtitle, remove
header bar and side gutters, cleaner layout
- Remove web-mode-runtime integration test
* settings: consolidate tabs, add General panel with font size controls
- Add General tab (terminal font size + code font size) as default settings landing
- Merge Thinking into Model tab (model selection + thinking level in one panel)
- Merge Queue + Compaction + Retry into Session tab (all session behavior knobs)
- Reduce settings nav from 8 tabs to 6 (+ admin when dev mode)
- Legacy section routes (thinking, queue, compaction, retry) still render correctly
- gsd-prefs mega-scroll uses GeneralPanel instead of separate Terminal/Editor panels
* fix: file explorer & visualizer use selected project context, resizable tree panel
- Route all fetch calls in files-view, visualizer-view, and status-bar
through buildProjectUrl() so they respect the active project selection
instead of falling back to GSD_WEB_PROJECT_CWD (server startup project)
- Make file explorer tree panel resizable (180-480px) with drag handle,
matching the milestone sidebar resize pattern
* feat(web): file explorer Agent tab, merged headers, unified chat timeline
- Merge file path display + save button into single header row (3 layers → 2)
- Add Agent tab to file explorer left panel with embedded ChatPane
- Auto-open files in viewer when agent executes edit/write tools
- Show inline diff (red/green lines) for agent-edited files with auto-dismiss
- MD files default to Edit tab when agent-opened so raw changes are visible
- Unified chat timeline: tool executions render inline where they happen,
not stacked at the bottom
- Persist user messages in workspace store so they survive tab switches
- Shorten chat input placeholder to 'Message…', remove hint text
* feat(chat): persist thinking blocks and render in chronological order
- Add TurnSegment type to track thinking/text/tool events in order
- Finalize streaming content into segments at phase transitions
(thinking→text, text→thinking, tool start/end, turn boundary)
- Store completedTurnSegments parallel to liveTranscript for history
- Rebuild chat timeline from segments so thinking blocks render
in their correct position between text and tool calls
- Thinking blocks now persist after streaming ends (collapsible)
- Restyle InlineThinking to monochrome (muted-foreground) — removes
amber/warning colors for consistency with dark theme
* feat(web): add Integrations tab to settings panel for remote channel config
* feat(web): bot token input in settings and onboarding, card-based integrations panel
- Add PATCH endpoint to /api/remote-questions for saving bot tokens
to ~/.gsd/agent/auth.json (same storage as TUI key manager)
- Redesign RemoteQuestionsPanel: card-based channel picker, inline
token input with show/hide toggle, collapsible advanced settings,
connected state banner with disconnect
- Add bot token input to onboarding StepRemote with same PATCH flow
- Remove 'configure via TUI or environment' messaging — web UI now
handles the full setup end-to-end
* fix(web): address PR #1717 security review feedback
Security (blocking):
- Add bearer token auth to all API routes via Next.js middleware
- Generate random token at launch, pass to browser via URL fragment
- Add Origin/CORS validation rejecting cross-origin API requests
- Whitelist PTY commands (gsd, user shell, /bin/bash, /bin/zsh, /bin/sh)
- Restrict /api/browse-directories to devRoot scope
Cleanup:
- Move shiki, react-markdown, remark-gfm from root to web/package.json
- Remove as-any casts in input-controller.ts (extend host type properly)
- Add extensions_ready signal to RPC mode (fixes void bindExtensions race)
- Add test fixture dummy keys to .secretscanignore (fixes CI lint)
* fix(web): resolve Next.js 16 build warnings
- Rename middleware.ts → proxy.ts with proxy() export (Next.js 16 convention)
- Add @gsd/native to webpack externals (fixes package path resolution warning)
- Hide require fallback from webpack static analysis in pty-manager (fixes
critical dependency warning)
* fix(web): pass auth token to boot readiness probe
The readiness probe hits /api/boot to check server startup, but the
proxy now requires a bearer token. Thread the authToken through
waitForBootReady → requestLocalJson so the probe authenticates.
* chore: sync lockfiles after moving deps to web/package.json
* fix(test): update web-mode-cli test for auth token in browser URL
The test asserted the exact opened URL, which now includes a random
auth token fragment. Updated to pattern-match the token and verify
GSD_WEB_AUTH_TOKEN is passed consistently in the spawn env.
* fix(test): pass auth token in web-mode-onboarding integration test
The runtime harness now extracts the auth token from the browser-open
stub log and exposes it on RuntimeLaunchResult.authToken. Added
runtimeAuthHeaders() helper. Updated the onboarding test to pass
Authorization headers on all fetch calls and waitForHttpOk.
* fix(test): match renamed nextMilestoneIdReserved in smart-entry-complete test
Upstream #1569 renamed nextMilestoneId → nextMilestoneIdReserved.
Updated the regex assertion to accept both names.
* feat(web): support GSD_WEB_ALLOWED_ORIGINS for secure tunnel setups
Adds a comma-separated GSD_WEB_ALLOWED_ORIGINS env var that merges
additional origins into the CORS allowlist. Defaults to localhost-only
when unset. Enables Tailscale Serve, Cloudflare Tunnel, ngrok, etc.
The ensureNodeModulesSymlink function silently failed when: a real
directory existed instead of a symlink, the symlink target moved after
npm upgrade, or the symlink pointed to a deleted location. All three
cases left extensions unable to resolve @gsd/* packages, making GSD
completely non-functional.
Three fixes:
1. Use lstatSync to detect real directories vs symlinks and handle each
2. Verify the symlink target actually exists before considering it valid
3. Log a warning on symlinkSync failure instead of silently swallowing
4. Move ensureNodeModulesSymlink before the early-return version check
so it runs on EVERY launch, not just during resource syncs
Closes#1688
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The extension loader emits "Extension does not export a valid factory
function" for shared libraries like cmux that live in the extensions/
directory but are not extensions. Previous fixes (#1537, #1545) added
pi manifest opt-out checks in the three discovery layers, but a
defense-in-depth gap remained: if any discovery path fails to filter
a library, loadExtension() reports it as a broken extension.
Add isNonExtensionLibrary() check in loadExtension() itself. When a
module does not export a factory function, the loader now checks the
nearest package.json for a "pi" manifest with no declared extensions
before reporting an error. Libraries with "pi": {} are silently
skipped instead of producing a spurious error on every startup.
Fixes#1709
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(search): keep loop guard armed after firing to prevent infinite loop restart (#1671)
The consecutive duplicate search guard introduced in #949 reset both
`lastSearchKey` and `consecutiveDupeCount` to their zero-values when the
threshold was hit. This meant the very next identical call was treated as
a brand-new first search, restarting the window from scratch. The guard
fired every MAX_CONSECUTIVE_DUPES+1 calls but never permanently broke
the loop — the LLM could continue indefinitely with brief interruptions.
Remove the two reset lines on guard trigger so the state stays armed.
Every subsequent duplicate now immediately re-triggers the guard instead
of getting a fresh allowance. The counter still resets normally when a
different query is issued, preserving legitimate re-search behaviour.
Adds regression tests covering: initial threshold fire, persistent
re-triggering after the first fire, and clean reset on query change.
* fix(search): reset duplicate-loop guard on session start
* fix(gsd extension): detect initialized projects in health widget
Use .gsd presence plus project-state detection for the health widget so bootstrapped projects no longer appear as unloaded before metrics exist.
* fix(gsd extension): detect initialized projects in health widget
Use .gsd presence plus project-state detection for the health widget so bootstrapped projects no longer appear as unloaded before metrics exist.
* feat(gsd): activate matching skills in dispatched prompts
Inject skill activations from installed skills, preferences, and task-plan handoff so GSD agents load the right skills automatically instead of relying on generic guidance. Align prompt templates and tests with the activation flow and current resource sync behavior.
* fix(gsd extension): detect initialized projects in health widget
Use .gsd presence plus project-state detection for the health widget so bootstrapped projects no longer appear as unloaded before metrics exist.
* fix(gsd extension): restore health widget build paths
* test(resource-loader): fix sibling cleanup assertion
* fix: apply pi manifest opt-out to extension-discovery.ts (#1537 follow-up)
The cmux fix in #1537 patched resolveExtensionEntries() in
packages/pi-coding-agent/src/core/extensions/loader.ts to honor
"pi": {} as an opt-out from auto-discovery. However, there is a
second copy of resolveExtensionEntries() in src/extension-discovery.ts
that was not updated. This is the version actually used at startup
by loader.js via discoverExtensionEntryPaths().
As a result, cmux/index.js is still discovered and loaded as an
extension on startup, producing:
Extension does not export a valid factory function: .../cmux/index.js
Fix: Apply the same authoritative-manifest logic to the
extension-discovery.ts copy. When a package.json has a "pi" field,
treat it as authoritative and return early — either with declared
extension paths or an empty array for library opt-out.
Tests: 7 new tests covering resolveExtensionEntries and
discoverExtensionEntryPaths behavior for opt-out, declared
extensions, and fallback discovery.
* fix: apply pi manifest opt-out to package-manager.ts (third copy)
There are THREE copies of resolveExtensionEntries():
1. packages/pi-coding-agent/src/core/extensions/loader.ts (fixed in #1537)
2. src/extension-discovery.ts (fixed in previous commit)
3. packages/pi-coding-agent/src/core/package-manager.ts (THIS commit)
Copy #3 is used by collectAutoExtensionEntries() which is called from
addAutoDiscoveredResources() during DefaultPackageManager.resolve().
This is the actual code path that discovers ~/.gsd/agent/extensions/cmux
and passes it to loadExtensions(), producing the factory function error.
* fix: rewrite pi.extensions .ts paths to .js during resource copy
copy-resources.cjs compiles .ts → .js via tsc but copies package.json
files verbatim. Extensions with pi.extensions: ["./index.ts"] end up
in dist/ pointing to a .ts file that doesn't exist (only .js does).
This causes resolveExtensionEntries() to find no valid entry points,
silently skipping the extension. Affected: gsd, browser-tools, context7,
google-search, universal-config — all extensions with pi manifests.
Fix: When copying package.json files, rewrite .ts/.tsx extensions in
pi.extensions arrays to .js so they match the compiled output.
* fix: add missing commands to /gsd description and rate sub-completions
- Add 9 missing commands to the description string: widget, rate, park,
unpark, init, setup, logs, inspect, extensions
- Add sub-completions for /gsd rate (over/ok/under)
* feat: grid layout for parallel cmux splits and completion trailing-space fix
CmuxClient.createGridLayout(count) pre-creates a tiled grid of surfaces
before launching parallel agents, instead of the previous approach of
creating splits per-agent with alternating right/down directions.
Grid layout strategy:
1 agent: [gsd | A]
2 agents: [gsd | A] (A split down)
[ | B]
3 agents: [gsd | A] (2x2 grid)
[ C | B]
4 agents: [gsd | A] (additional splits from bottom-right)
[ C | B]
[ | D]
Changes:
- Add CmuxClient.createSplitFrom(sourceSurfaceId, direction) to split
from a specific surface rather than always the gsd surface
- Add CmuxClient.createGridLayout(count) that builds the grid and
returns surface IDs in order
- Update runSingleAgentInCmuxSplit to accept a pre-created surface ID
(string) or a direction for backward compatibility
- Parallel dispatch pre-creates grid, assigns each agent a surface
- Fix getArgumentCompletions trailing-space handling so sub-completions
work (e.g., /gsd cmux <tab> now shows status/on/off/etc.)
- 5 new tests for grid layout logic
* feat(ui): add GSD welcome screen on interactive startup
Renders a two-panel boxed welcome screen to stderr before the TUI
takes over, mirroring the style of the Claude Code welcome screen.
Left panel — personalized greeting, GSD ASCII logo, active model + cwd
Right panel — getting-started tips, recent session activity
The screen is printed to stderr immediately before InteractiveMode.run(),
so it appears on launch and reappears when the TUI exits (alternate-screen
buffer swap). It silently skips when not a TTY or terminal < 60 cols.
Files:
src/welcome-screen.ts — printWelcomeScreen() implementation
src/cli.ts — call site before interactiveMode.run()
src/tests/welcome-screen.test.ts — 11 unit tests (all passing)
* refactor(ui): minimal welcome screen — logo + metadata, no box
Replace two-panel boxed layout with a minimal design:
logo block with version/model/cwd alongside it, dim hint below.
No box borders, no tips panel. Clean and fast.
* feat(ui): show tool status line (Brave/Jina/Tavily) when keys are configured
The Anthropic API's max_uses resets per request — when pause_turn triggers
a resubmit, the model gets a fresh budget each time. This allowed unlimited
total searches across a research unit, overwhelming the TUI render buffer.
Fix:
- Count web_search_tool_result blocks in conversation history on each
before_provider_request to track cumulative searches per session
- Cap total native searches at 15 per session (3 full turns of 5)
- Dynamically set max_uses to min(5, remaining) — preserves per-turn cap
while enforcing session ceiling
- When budget exhausted, omit web_search tool entirely instead of letting
the model hit max_uses_exceeded repeatedly
- Reset counter on session_start (new agent unit)
- Add web search budget guidance to research prompts (defense in depth)
Tests: 5 new tests covering budget tracking, exhaustion, and reset.
All 35 native-search tests pass.
* rfc: GitOps branching & versioning strategy proposal
Proposes a Git-Flow Lite model with automated integration branches:
main ← production-ready, tagged releases only
next ← integration branch for next minor (PRs target here)
release/X.Y ← stabilization branch, only bugfixes allowed
hotfix/X.Y.Z ← emergency fixes cherry-picked to release
Includes:
- RFC document with lifecycle diagrams, migration path, open questions
- Workflow scaffolds (in docs/proposals/workflows/, NOT .github/):
- create-release.yml: manual dispatch to cut release branch from next
- sync-next.yml: auto-sync next branch after version tags
- backmerge.yml: auto back-merge release fixes to next
This is an experimental proposal requesting community feedback before
any implementation. The workflow files are inert scaffolds — they do
not run in CI.
* fix: prevent ensureGitignore from adding .gsd when tracked in git (#1364)
CRITICAL DATA-LOSS FIX: ensureGitignore() unconditionally added '.gsd' to
.gitignore even when .gsd/ was a real git-tracked directory, causing git to
report ~889 tracked files as deleted.
Root cause: BASELINE_PATTERNS included '.gsd' unconditionally, and the
gitignore modification ran BEFORE migration checks in auto-start.ts.
Changes:
- Add hasGitTrackedGsdFiles() helper using nativeLsFiles to detect tracked
.gsd/ content
- ensureGitignore() now skips the '.gsd' pattern when .gsd/ has tracked files
- untrackRuntimeFiles() now skips entirely when .gsd/ has tracked files
- migrateToExternalState() aborts when .gsd/ has tracked files
- Reorder auto-start.ts: migration runs BEFORE gitignore modification
- Add 8 regression tests covering all scenarios
Fixes#1364
* fix: break recursive dialog loop when all milestones complete (#1348)
Two interacting bugs:
1. Recursive dialog loop: When all milestones are complete, bootstrapAutoSession
calls showSmartEntry → sets pendingAutoStart → checkAutoStartAfterDiscuss
calls startAuto → bootstrapAutoSession → showSmartEntry → infinite loop.
The discuss workflow completes without producing a milestone directory, so
phase stays 'complete' and the cycle never breaks.
Fix: Add a re-entry counter (_consecutiveCompleteBootstraps) that tracks
how many times bootstrapAutoSession enters the 'complete' branch without
advancing. After 2 consecutive attempts, break the loop with a warning
message and return false.
2. Missing _releaseFunction = null in retry lock onCompromised handler:
The retry lock path in session-lock.ts set _lockCompromised but didn't
null out _releaseFunction, which could leave a stale reference that
masks the compromise detection in validateSessionLock().
Fixes#1348
* fix: self-heal stale roadmap checkbox for interrupted complete-slice (#1350)
When complete-slice is interrupted after writing SUMMARY.md and UAT.md but
before flipping the roadmap checkbox, auto-mode enters an infinite loop —
re-launching the same complete-slice unit because the dispatch loop uses
the roadmap checkbox as the sole 'slice done' signal.
Fix: Add a self-heal case in selfHealRuntimeRecords that detects when
SUMMARY + UAT exist but the roadmap checkbox is unchecked, and auto-fixes
the checkbox. This allows the verification to pass and the dispatch loop
to advance.
Fixes#1350
* fix: add EISDIR guard to complete/validate milestone prompts (#1343)
The LLM was passing tasks/ directory paths to the read tool during
milestone completion, causing EISDIR crashes. Added file system safety
instructions to both complete-milestone and validate-milestone prompts
telling the LLM to use ls/find for directory listing, not the read tool.
Fixes#1343
* feat: improve extension conflict messages with removal guidance (#1347)
When a user extension registers tools/commands that now ship as built-ins,
the conflict message now includes '(built-in tool supersedes — consider
removing <path>)' and the log level is downgraded from 'Extension load error'
to 'Extension conflict'.
Changes:
- resource-loader.ts: detect built-in vs user extension conflicts, add hint
- cli.ts: downgrade severity for superseded-tool conflicts
Fixes#1347
* test: fix always-skipped preferences test, add test:marketplace script
- preferences.test.ts: Replace always-skipped getIsolationMode test with
a filesystem-independent version that validates the default through
validatePreferences() instead of reading ~/.gsd/preferences.md.
Reduces skipped count from 3 → 2.
- package.json: Add test:marketplace script for running marketplace
contract tests (claude-import-tui, plugin-importer-live,
marketplace-discovery) with GSD_TEST_CLONE_MARKETPLACES=1.
These tests need external repos and self-skip in unit test runs.
Remaining 2 skips:
- Marketplace contract test suites (need external repos, run via test:marketplace)
- Windows-only tests in validate-directory.test.ts are platform-conditional
and correctly skip on macOS
* fix: use execFileSync in regression tests for Windows portability
The regression tests used execSync with shell-dependent constructs:
- '&&' command chaining (works in bash/cmd but fragile)
- Single-quoted commit messages (bash-only, cmd.exe splits on spaces)
Replaced with execFileSync via a git() helper that bypasses the shell
entirely. Each git operation is a separate call with proper argument
arrays, eliminating all shell interpretation issues.
Fixes windows-portability CI failure.
* fix: guard milestone completion against missing slice summaries (#1368)
Auto-mode could report a milestone as complete after executing only the
last slice, skipping earlier unexecuted slices. The milestone completion
signal fired based on roadmap checkbox state, which could be stale or
inconsistent after worktree transitions.
Changes:
- auto-dispatch.ts: Added slice SUMMARY file existence check to both
validating-milestone and completing-milestone dispatch rules. If any
slice lacks a SUMMARY file, dispatch stops with a diagnostic error
instead of proceeding to validation/completion.
- validate-milestone.test.ts: Updated tests to create slice summary
files (required by the new guard).
- file-watcher.test.ts: Fixed flaky 'auth.json change emits auth-changed
event' test by adding watcher initialization delay and increasing event
propagation timeout (race condition when run in full suite).
Fixes#1368
* fix: warn on common misspelled preference keys + verify field guidance (#1373, #1341)
#1373: Users setting 'taskIsolation.mode: none' instead of 'git.isolation: none'
got a generic 'unknown key' warning. Added KEY_MIGRATION_HINTS that map common
misspellings (taskIsolation, task_isolation, isolation, manage_gitignore, auto_push,
main_branch) to their correct git.* equivalents with actionable messages.
#1341: Planning agent writes aspirational prose in Verify fields ('Sections 3.1
and 3.2 exist with exact formulas. Zero TBD.') instead of executable commands.
Added explicit verify field rules to the plan template: must be mechanically
executable, with examples of good vs bad patterns for content tasks.
Fixes#1373, partially addresses #1341
* refactor: extract roadmap-mutations.ts + shared test-utils.ts
Consolidation:
- roadmap-mutations.ts: Extracted markSliceDoneInRoadmap() and markTaskDoneInPlan()
from duplicated implementations in doctor.ts, mechanical-completion.ts, and
auto-recovery.ts. All three callers used identical regex patterns.
mechanical-completion.ts and auto-recovery.ts now import the shared utility.
(doctor.ts deferred — touched by PR #1349)
- test-utils.ts: Shared cross-platform test utilities for GSD extension tests.
Provides git() helper (execFileSync, no shell), makeTempRepo() with
core.autocrlf=false, cleanup(), createFile(), safeReadFile(), and
writeMilestoneFixture(). 12 test files currently define their own versions
of these helpers — new tests should import from test-utils.ts instead.
Security audit: No injection vectors (sid/tid are alphanumeric from roadmap
parser), no path traversal, no secrets, no new dependencies.
* fix: port conflict false positive on non-Node projects + paused worktree resume (#1381, #1383)
projects without package.json. macOS AirPlay Receiver listens on port 5000,
causing a spurious warning on non-Node projects.
Fix: Skip port checks entirely when no package.json exists. When using
default ports, filter out 5000 on macOS.
in-memory only. Re-entering /gsd started a fresh bootstrap from the project
root instead of the active worktree.
Fix: pauseAuto() now writes paused-session.json to .gsd/runtime/ with
milestoneId, worktreePath, originalBasePath, and stepMode. startAuto()
checks for this file before bootstrap and restores the paused session
context, including worktree re-entry. stopAuto() cleans up the file.
Fixes#1381, #1383
* fix: catch spawn ENOENT in uncaught exception guard + snapshot session lock path (#1384, #1363)
uncaught exception and crashes auto-mode. The EPIPE guard now also catches
ENOENT from spawn syscalls — logs the error and continues instead of
terminating the process.
the lock path differently via gsdRoot() because basePath could be either the
project root or a worktree path. gsdRoot() produces different results for
each, so the lock was written to one path and validated against another.
Fix: Snapshot the resolved lock path (_snapshotLockPath) at acquisition time
and reuse it for all subsequent lock operations within the session.
Fixes#1384, #1363
* fix: suppress false-positive lock compromise + skip migration with active worktrees (#1362, #1337)
because the event loop stall delays the heartbeat mtime update. The handler
now checks elapsed time since acquisition — if within the 30-minute stale
window, it logs a warning and continues instead of setting _lockCompromised.
Real takeovers (past the stale window) still trigger the compromise flag.
even when .gsd/worktrees/ contained active git worktrees with locked
directory handles. This caused EBUSY errors and destructive data loss.
Migration now checks for active worktree directories and skips entirely
if any are found.
Fixes#1362, #1337
* refactor: replace recursive auto-dispatch with linear autoLoop, delete ~3k lines of dead code
Replace the complex recursive dispatch system (dispatchNextUnit, reentrancy
guards, stall detection, idempotency tracking, skip-depth machinery) with a
simple linear while(s.active) loop in auto-loop.ts.
Key changes:
- New auto-loop.ts with autoLoop(), runUnit(), resolveAgentEnd()
- Deleted auto-idempotency.ts, auto-stuck-detection.ts, session-lock.ts,
mechanical-completion.ts, progress-score.ts, auto-constants.ts, unit-id.ts
- Extracted WorktreeResolver class for worktree path resolution
- Added auto-worktree-sync.ts for worktree synchronization
- Simplified auto.ts from ~1400 lines to ~400 lines
- Fixed 9 TypeScript errors (NotifyCtx type widening, capture typing)
- Comprehensive test coverage: 32 auto-loop tests + worktree resolver/DB tests
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: address 6 audit findings in auto-loop refactor
1. CRITICAL: Move pendingResolve to AutoSession + queue orphaned agent_end
events instead of silently dropping them. Prevents permanent stalls when
error-recovery sendMessage retries fire between loop iterations.
2. HIGH: Scope pendingResolve per-session via _activeSession ref, preventing
concurrent /gsd auto sessions from corrupting each other's promises.
3. HIGH: Replace console.log in dispatchHookUnit with debugLog to prevent
hook prompt content (potentially containing secrets) from leaking to stdout.
4. HIGH: Restore parked milestone handling in state.ts — Phase 1 skips
parked milestones so they don't satisfy depends_on, Phase 2 registers
them as 'parked' status. Add 'parked' to MilestoneRegistryEntry type.
5. MEDIUM: Restore queuePhaseActive parameter in shouldBlockContextWrite
and re-export setQueuePhaseActive for guided-flow-queue.ts consumers.
6. MEDIUM: Add MAX_LOOP_ITERATIONS (500) lifetime cap to autoLoop to prevent
runaway loops when units alternate between IDs.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: resolve build breakers, add correctness fixes, and graduated recovery
Build breakers (CRITICAL):
- Restore unit-id.ts (deleted but still imported by complexity-classifier.ts, metrics.ts)
- Restore progress-score.ts (deleted but still imported by commands.ts, dashboard-overlay.ts, doctor.ts)
- Rewrite worktree-sync-milestones.test.ts to use new syncProjectRootToWorktree API
Correctness fixes (MEDIUM):
- Cap pendingAgentEndQueue to 3 entries to prevent unbounded growth from stale events
- Add milestoneId path traversal validation in WorktreeResolver
- Clear depthVerificationDone on session_start to prevent cross-session leaks in RPC mode
- Add verification gate for non-hook sidecar units (triage, quick-tasks)
- Remove dead handleAgentEnd import from index.ts
Graduated recovery (Jeremy's feedback):
- Blanket try/catch around loop body — one bad iteration no longer kills the session
- Graduated stuck recovery: at count 3 try artifact verification + cache invalidation,
at count 5 hard stop (was: binary stop at 5 with no recovery attempt)
- Graduated error recovery: 1st error retries, 2nd invalidates caches, 3rd stops
Test results: 32/32 auto-loop, 28/28 worktree-resolver, 11/11 sidecar-queue, tsc clean.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: restore copyWorktreeDb/reconcileWorktreeDb exports and fix loadToolApiKeys import
Two missing exports caused ~90% of the 120 pre-existing test failures:
1. copyWorktreeDb + reconcileWorktreeDb — imported by auto-worktree.ts but
never added to gsd-db.ts. Restored with the original implementations.
2. loadToolApiKeys — moved to commands-config.ts but index.ts still imported
from commands.ts. Fixed the import path.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: move loadToolApiKeys import to commands-config.js
loadToolApiKeys was moved to commands-config.ts but index.ts still
imported it from commands.ts, causing runtime failures in all tests
that transitively load the extension entry point.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* test: fix provider error assertion on windows
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
getSessionStats() calculated cost by summing usage from assistant messages
in state.messages. After auto-compaction, pre-compaction messages are
replaced by a compactionSummary with no usage field — dropping the cost.
Fix: Added cumulative accumulators (_cumulativeCost, _cumulativeInputTokens,
_cumulativeOutputTokens, _cumulativeToolCalls) that are incremented on
every assistant message event, independent of the message array.
getSessionStats() now returns max(array-sum, cumulative) to ensure
monotonically non-decreasing values.
Fixes#1423
* fix: sync worktree completion artifacts back to external state before merge (#1412)
When a worktree's .gsd/ was a real directory (not symlinked to external
state), milestone completion artifacts (SUMMARY, VALIDATION, updated
ROADMAP) were written locally but never synced back. The project root's
deriveState() read from external state and found no SUMMARY — reporting
the milestone as incomplete.
Changes:
- auto-worktree.ts: Added syncWorktreeStateBack() that copies milestone
and slice .md files from worktree .gsd/ to the main external state dir
- auto.ts: Call syncWorktreeStateBack() in tryMergeMilestone before the
git merge, ensuring artifacts are visible from the project root
Fixes#1412
* fix: emit agent_end after abort during tool execution (#1414)
When a user aborts a turn while a tool call is running, the abort RPC
succeeds but agent_end was never emitted. RPC consumers tracking turn
lifecycle via events got stuck in a 'streaming' state permanently.
Fix: After abort() + waitForIdle(), emit a synthetic agent_end if the
agent is no longer streaming. This ensures consumers always see the
turn-complete signal regardless of how the turn ended.
Fixes#1414
initResources() only re-synced when the GSD version changed. This meant
same-version content fixes (e.g. the subagent bundled-extension-paths.js
import fix in a2a701b1) never reached ~/.gsd/agent/extensions/ because
the version-only check saw 2.28.0 == 2.28.0 and skipped the sync.
Add a lightweight content fingerprint (sha256 of file paths + sizes) to
the managed-resources.json manifest. On startup, if the version matches
but the fingerprint doesn't, resources are re-synced. This covers:
- npm link dev workflows where source changes without version bumps
- hotfixes within a release that change bundled extension content
- upgrades from manifests without contentHash (treated as stale)
Cost: ~1ms of stat calls on ~100 files — no file reads needed.
* feat: add pre-commit secret scanner and CI secret detection
Add a comprehensive secret scanning system to prevent accidental
credential leaks in commits and pull requests:
- scripts/secret-scan.sh: ERE-based scanner (macOS/Linux compatible)
that detects AWS keys, API tokens, private keys, database URLs,
GitHub/GitLab/Slack/Stripe/Google/npm tokens, and hardcoded passwords
- scripts/install-hooks.sh: one-command git pre-commit hook installer
- .secretscanignore: allowlist for known false positives (test fixtures,
env var references, placeholder values)
- CI job: secret-scan step in ci.yml scans PR diffs against origin/main
- npm scripts: test:secret-scan, secret-scan, secret-scan:install-hook
- 17 tests covering detection, non-detection, binary skipping, CI mode
* fix: exclude secret-scan test file from CI scanning
The test file contains intentional fake secrets as test inputs.
Add it to .secretscanignore so CI doesn't flag them.
* fix: skip secret-scan tests on Windows (requires bash/POSIX grep)
- Add version-match early return to initResources() — skips ~800ms of
synchronous rmSync + cpSync when managed-resources.json already matches
the running GSD version (steady-state on every launch)
- Consolidate package.json reads in loader.ts from 3 to 1 — single read
reused for --version, --help, banner, and GSD_VERSION env var
- Replace blocking checkAndPromptForUpdates() with passive checkForUpdates()
to avoid blocking startup on npm registry fetch + user prompt (up to 5s)
- Cache bundled extension keys in resource-loader to avoid redundant
filesystem scan in buildResourceLoader()
- Use GSD_VERSION env var in getBundledGsdVersion() to skip package.json
re-read from resource-loader.ts
- Add test verifying version-skip behavior: marker file survives when
versions match, gets cleaned on mismatch
* fix: add barrel files for remote-questions, ttsr, and shared extensions
Centralizes public API surface for three extension directories behind
index.ts barrel files. External consumers now import from the barrel
instead of reaching into internal module files, reducing coupling and
making future refactors safer.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: rename barrel files to mod.ts to avoid extension loader auto-discovery
The extension loader auto-discovers extensions by looking for index.ts files
inside extensions/*/ directories. remote-questions/ and shared/ are utility
directories, not extensions — their index.ts barrel files caused load failures.
Renamed to mod.ts which the loader ignores, and updated all import paths.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(search): consolidate duplicate Brave API helper functions
getBraveApiKey() and braveHeaders() were duplicated across provider.ts,
tool-llm-context.ts, and tool-search.ts. Export both from provider.ts
and import in the tool files.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(test): update provider export count to include braveHeaders
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
