@hegemonart/get-design-done 1.20.0 → 1.22.0

package/.claude-plugin/marketplace.json

@@ -5,14 +5,14 @@
   },
   "metadata": {
     "description": "Get Design Done — 5-stage agent-orchestrated design pipeline with 9 connections, handoff-first workflow, bidirectional Figma write-back, 22+ specialized agents, queryable knowledge layer (intel store, dependency analysis, learnings extraction), and a self-improvement loop (reflector, frontmatter + budget feedback, global-skills layer). v1.20.0 ships the SDK foundation: gdd-state MCP server (11 typed tools), lockfile-safe STATE.md mutations, event stream, and resilience primitives (jittered-backoff, rate-guard, error-classifier, iteration-budget) for rate-limit + 429 + context-overflow recovery. Full CI/CD pipeline (Node 22/24 × Linux/macOS/Windows) and release automation (auto-tag + GitHub Release + release-time smoke test).",
-    "version": "1.20.0"
+    "version": "1.22.0"
   },
   "plugins": [
     {
       "name": "get-design-done",
       "source": "./",
       "description": "Agent-orchestrated 5-stage design pipeline: Brief → Explore → Plan → Design → Verify. 22+ specialized agents, 9 connections (Figma, Refero, Preview, Storybook, Chromatic, Figma Writer, Graphify, Pinterest, Claude Design), Claude Design handoff, bidirectional Figma write-back, and a queryable intel store (.design/intel/) for dependency and learnings queries. Standalone commands: style, darkmode, compare, figma-write, graphify, handoff, analyze-dependencies, skill-manifest, extract-learnings. Embeds NNG heuristics, WCAG thresholds, typographic systems, motion framework, and anti-pattern catalog. Ships with a full CI/CD pipeline (Node 22/24 × Linux/macOS/Windows) and release automation. Optimization layer (v1.0.4.1, retroactive): gdd-router + gdd-cache-manager skills, PreToolUse budget-enforcer hook, tier-aware agent frontmatter, lazy checker gates, streaming synthesizer, /gdd:warm-cache + /gdd:optimize commands, and cost telemetry at .design/telemetry/costs.jsonl — targeting 50-70% per-task token-cost reduction with no quality-floor regression. v1.20.0 SDK foundation: gdd-state MCP server (11 typed tools), lockfile-safe STATE.md mutations, event stream at .design/telemetry/events.jsonl, resilience primitives (jittered-backoff, rate-guard, error-classifier, iteration-budget) with rate-limit + 429 + context-overflow recovery, and TypeScript toolchain.",
-      "version": "1.20.0",
+      "version": "1.22.0",
       "author": {
         "name": "hegemonart"
       },
@@ -62,16 +62,13 @@
         "cost-optimization",
         "cache-aware",
         "budget",
-        "component-specs",
-        "design-system-benchmarks",
-        "component-conformance",
-        "convergence-detector",
-        "i18n",
-        "user-research",
-        "information-architecture",
-        "form-patterns",
-        "data-viz",
-        "platforms"
+        "headless",
+        "cli",
+        "codex",
+        "gemini",
+        "mcp",
+        "parallel-agents",
+        "agent-sdk"
       ]
     }
   ]

package/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "get-design-done",
   "short_name": "gdd",
-  "version": "1.20.0",
+  "version": "1.22.0",
   "description": "Agent-orchestrated 5-stage design pipeline: Brief → Explore → Plan → Design → Verify. 22+ specialized agents, 9 connections (Figma, Refero, Preview, Storybook, Chromatic, Figma Writer, Graphify, Pinterest, Claude Design), handoff-first workflow via Claude Design bundles, bidirectional Figma write-back (annotations, Code Connect), queryable intel store (`.design/intel/`) for O(1) design surface lookups, and self-improvement loop (reflector agent, frontmatter + budget feedback, global-skills layer at `~/.claude/gdd/global-skills/`). Standalone commands: style, darkmode, compare, figma-write, graphify, handoff, analyze-dependencies, skill-manifest, extract-learnings, reflect, apply-reflections. Embeds NNG heuristics, WCAG thresholds, typographic systems, motion framework, and anti-pattern catalog. Ships with a full CI/CD pipeline (Node 22/24 × Linux/macOS/Windows, lint + schema + frontmatter + stale-ref + shellcheck + gitleaks + injection-scan + blocking size-budget) and release automation (auto-tag + GitHub Release + release-time smoke test). Optimization layer (v1.0.4.1, retroactive): gdd-router + gdd-cache-manager skills, PreToolUse budget-enforcer hook, tier-aware agent frontmatter, lazy checker gates, streaming synthesizer, /gdd:warm-cache + /gdd:optimize commands, and cost telemetry at .design/telemetry/costs.jsonl — targeting 50-70% per-task token-cost reduction with no quality-floor regression. v1.20.0 SDK foundation: gdd-state MCP server (11 typed tools), lockfile-safe STATE.md mutations, event stream at .design/telemetry/events.jsonl, resilience primitives (jittered-backoff, rate-guard, error-classifier, iteration-budget) with rate-limit + 429 + context-overflow recovery, and TypeScript toolchain.",
   "author": {
     "name": "hegemonart",
@@ -53,36 +53,13 @@
     "cost-optimization",
     "cache-aware",
     "budget",
-    "iconography",
-    "brand-voice",
-    "performance-budget",
-    "framer-motion",
-    "motion-design",
-    "micro-polish",
-    "surfaces",
-    "make-interfaces-feel-better",
-    "palette-catalog",
-    "style-vocabulary",
-    "industry-palettes",
-    "ui-style-vocabulary",
-    "variable-fonts",
-    "container-queries",
-    "view-transitions",
-    "motion-vocabulary",
-    "motion-easings",
-    "transition-taxonomy",
-    "gesture-mechanics",
-    "clip-path-animation",
-    "component-specs",
-    "design-system-benchmarks",
-    "component-conformance",
-    "convergence-detector",
-    "i18n",
-    "user-research",
-    "information-architecture",
-    "form-patterns",
-    "data-viz",
-    "platforms"
+    "headless",
+    "cli",
+    "codex",
+    "gemini",
+    "mcp",
+    "parallel-agents",
+    "agent-sdk"
   ],
   "skills": [
     "./skills/"

package/CHANGELOG.md

@@ -4,6 +4,206 @@ All notable changes to get-design-done are documented here. Versions follow [sem
 
 ---
 
+## [1.22.0] — 2026-04-25
+
+Phase 22 GDD SDK Observability milestone — the single-typed `BaseEvent` envelope from Phase 20 grows into a queryable, redacted, transport-able observability layer with tail/grep/WebSocket consumers and a causal event chain. 10 plans (22-01 through 22-10), additive — every Phase 20 + Phase 21 consumer keeps working unchanged.
+
+### Added
+
+- **Expanded event-type registry** — 17 new pre-registered subtypes alongside
+  the 6 from Phase 20: `wave.started`, `wave.completed`, `blocker.added`,
+  `decision.added`, `must_have.added`, `parallelism.verdict`, `cost.update`,
+  `rate_limit`, `api.retry`, `compact.boundary`, `mcp.probe`,
+  `reflection.proposed`, `connection.status_change`, `tool_call.started`,
+  `tool_call.completed`, `agent.spawn`, `agent.outcome`. The envelope
+  remains open (`type: string`); the `KnownEvent` union is an additive
+  overlay for typed `switch` consumers. Runtime `KNOWN_EVENT_TYPES` list
+  exported for the CLI's `list-types` subcommand. (Plan 22-01)
+
+- **Secret scrubber** — `scripts/lib/redact.cjs` deep-walks every event
+  payload and replaces secret-shaped strings with `[REDACTED:<type>]`
+  placeholders. Patterns: `sk-ant-…` (anthropic), `sk_live_…` (stripe),
+  `xox[baprs]-…` (slack), `ghp_…` (github_pat), `AKIA…` (aws), generic
+  `sk-…`, `eyJ…` JWTs, and full `-----BEGIN/END-----` PEM blocks.
+  Wired into `EventWriter.serialize()` so every event hitting disk and
+  every bus subscriber sees the scrubbed form — single rule everywhere,
+  no escape hatch. (Plan 22-02)
+
+- **Per-tool-call trajectory stream** — `.design/telemetry/trajectories/<cycle>.jsonl`
+  receives one line per agent tool-use:
+  `{ts, agent, tool, args_hash, result_hash, latency_ms, status}`.
+  Args + result are sha256-prefix-hashed (16 chars) — line size stays
+  bounded; prompt content stays de-identified. Captured by the new
+  PostToolUse:Agent hook `hooks/gdd-trajectory-capture.js`. (Plan 22-03)
+
+- **Append-only event chain** — `.design/gep/events.jsonl` (gep =
+  "GDD Event Provenance"). One line per causal hop: `{event_id,
+  parent_event_id, ts, agent, decision_refs, outcome, rollback_reason?}`.
+  `appendChainEvent()` auto-generates UUIDs; `walkParents()` traces a
+  row up to its root for `/gdd:audit --retroactive`. Cycle-safe; skips
+  invalid lines; lives separately from the firehose so audits don't
+  scan unrelated rows. (Plan 22-04)
+
+- **Typed event reader + aggregator** — `readEvents({path, type,
+  predicate, since, until})` returns an async streaming iterator over
+  `events.jsonl` (readline + createReadStream — no full-file load,
+  GB-scale logs OK). `aggregate()` rolls events up by type, stage,
+  cycle, agent + totals (count, error_count, truncated_count). Exposed
+  from the public event-stream API. (Plan 22-05)
+
+- **CLI transport** — `gdd-events` bin entry, subcommands:
+  `tail [--follow]` (250ms-poll follow mode, no native inotify dep);
+  `grep <terms…>` with hand-rolled filter language
+  (`type=foo`, `payload.x.y=bar`, `!type=baz`, multiple = AND);
+  `cat` pretty-print with timestamp+type prefix; `list-types` runtime
+  registry dump; `serve` for the WebSocket transport. (Plan 22-06)
+
+- **WebSocket transport** — `scripts/lib/transports/ws.cjs` exposes
+  `startServer({port, token, tailFrom?, subscribe?})`. Loaded via
+  `probeOptional('ws')` — clear install hint when absent. Auth:
+  `Authorization: Bearer <token>` on the upgrade; mismatched →
+  HTTP 401 close. Tail replay sends `tailFrom`'s contents to new
+  clients before subscribing them to the live bus. Fire-and-forget
+  delivery; closed sockets dropped silently. `ws@8` declared as
+  optional dep. (Plan 22-07)
+
+- **Connection probe primitive** — `scripts/lib/connection-probe/`
+  exposes `probe({name, cmd, timeout, retries, fallback})` →
+  `{status: 'ok'|'degraded'|'down', latency_ms, attempts,
+  fallback_used, error?}`. Backoff between retries via
+  `jittered-backoff.cjs`. State persisted at
+  `.design/telemetry/connection-state.json` (atomic .tmp+rename).
+  Status transitions emit `connection.status_change` events through a
+  caller-supplied `emit` callback — transitions only, not every probe.
+  Replaces ad-hoc bash probe snippets in `connections/`. (Plan 22-08)
+
+- **Hook → event-stream wire-in** — new `hooks/_hook-emit.js` shared
+  helper wraps `appendEvent()` in try/catch (hooks must NEVER throw on
+  telemetry failure). Wired hooks emit `hook.fired` events on every
+  decision: `gdd-bash-guard` (allow/block + severity + pattern),
+  `gdd-protected-paths` (allow/block + matched glob),
+  `gdd-decision-injector` (inject/no-hits + backend label).
+  Trajectory-capture (Plan 22-03) already emits via its own path.
+  Additive — zero behavior change to existing hook contracts. (Plan 22-09)
+
+### Changed
+
+- `EventWriter.serialize()` now runs `redact()` on the event before
+  JSON-stringifying. Persisted form is the canonical scrubbed form.
+  All 27 Phase 20 event-stream tests still pass. (Plan 22-02 wire-in)
+
+- `hooks.json` registers a new `PostToolUse:Agent` matcher pointing at
+  `gdd-trajectory-capture.js`. The existing `PreToolUse:Agent`
+  budget-enforcer is unaffected. (Plan 22-03 registration)
+
+### Tests
+
+- `tests/event-types-registry.test.ts` — registry expansion (4 tests)
+- `tests/redact.test.cjs` — secret scrubber (12 tests)
+- `tests/event-stream-redact-integration.test.ts` — write-time wire-in (2 tests)
+- `tests/trajectory-capture.test.cjs` — module + hook subprocess (7 tests)
+- `tests/event-chain.test.cjs` — chain + walk + cycle defense (10 tests)
+- `tests/event-reader.test.ts` — reader + aggregator (8 tests)
+- `tests/cli-events.test.cjs` — CLI subcommands + filter language (10 tests)
+- `tests/ws-transport.test.cjs` — WebSocket auth + replay + live (5 + 1 skip)
+- `tests/connection-probe-primitive.test.cjs` — retry + fallback + emit (9 tests)
+- `tests/hook-emit-wire.test.cjs` — bash-guard + protected-paths emission (4 tests)
+- `tests/phase-22-baseline.test.cjs` — Phase 22 regression baseline (12 tests)
+
+Total: 84 new tests. All Phase 20/21 tests still green.
+
+### Deferred
+
+- Grafana / Prometheus exporter (out of scope; code-primitive
+  observability shipped first).
+- Event-stream compaction / retention (`events.jsonl` grows unbounded;
+  Phase 22.x if needed).
+- Replay-on-subscribe semantics (bus stays live-only; transports that
+  want replay read `events.jsonl` directly, then subscribe live).
+- Wire-in for `gdd-mcp-circuit-breaker.js`, `budget-enforcer.ts`,
+  `context-exhaustion.ts`, `gdd-read-injection-scanner.ts` — flow is
+  more intricate; follow-up phase.
+
+---
+
+## [1.21.0] — 2026-04-24
+
+Phase 21 GDD SDK Headless milestone — the plugin now runs unchanged on Claude Code, OpenAI Codex CLI, and Gemini CLI, and ships a full `gdd-sdk` CLI that executes the design pipeline without a harness. 12 plans (21-01 through 21-12), 50+ commits, 936 tests.
+
+### Added
+
+- **Headless SDK** — new `bin/gdd-sdk` CLI that runs the full design pipeline
+  without Claude Code. Subcommands: `run`, `stage <name>`, `query <op>`,
+  `audit`, `init`. Publishes as `gdd-sdk` in `package.json` `bin`. See
+  `docs/HEADLESS.md` (Phase 23 deliverable) for CI integration guidance.
+- **Session runner** (`scripts/lib/session-runner/`) — typed wrapper around
+  `@anthropic-ai/claude-agent-sdk` with USD/token budget caps, turn caps,
+  transcript capture, structured error mapping via `gdd-errors` taxonomy.
+  Emits `session.started`, `session.completed`, `session.budget_exceeded`
+  events on the shared event stream.
+- **Context engine** (`scripts/lib/context-engine/`) — per-stage file
+  manifest + markdown-aware truncation that preserves frontmatter, every
+  heading, and the first paragraph of each section for files larger than
+  8 KiB. Keeps session prompts within budget without dropping load-bearing
+  context.
+- **Tool scoping** (`scripts/lib/tool-scoping/`) — per-stage allowed-tools
+  enforcement at session creation. Verify is read-only; Explore adds web;
+  Design permits shell mutations. Per-agent frontmatter overrides via
+  `parseAgentTools()` for agent-level deviations.
+- **Structured logger** (`scripts/lib/logger/`) — leveled (debug/info/warn/
+  error) with JSONL output in headless mode, ANSI-colored stderr in
+  interactive mode. `warn`/`error` also emit `ErrorEvent` on the event
+  stream for CI consumers.
+- **Pipeline runner** (`scripts/lib/pipeline-runner/`) — brief → explore →
+  plan → design → verify state machine with retry-once, halt logic,
+  human-gate callbacks, config-driven step skipping. Emits
+  `pipeline.started`, `pipeline.completed`, `pipeline.halted`.
+- **Explore parallel runner** (`scripts/lib/explore-parallel-runner/`) —
+  4 mappers (token, component-taxonomy, a11y, visual-hierarchy) concurrent
+  with streaming synthesizer. Honors `parallelism_safe` agent frontmatter
+  for opt-in isolation.
+- **Discuss parallel runner** (`scripts/lib/discuss-parallel-runner/`) —
+  N discussant variants (user-journey, technical-constraint, brand-fit,
+  accessibility) concurrent, aggregator dedupes and clusters questions.
+- **`gdd-sdk init`** (`scripts/lib/init-runner/`) — new-project bootstrap
+  spawning 4 parallel researchers (design-system-audit, brand-context,
+  accessibility-baseline, competitive-references) + synthesizer producing
+  `.design/DESIGN-CONTEXT.md` draft.
+- **Cross-harness portability** (`scripts/lib/harness/`) — the plugin now
+  runs unchanged on Claude Code, OpenAI Codex CLI, and Gemini CLI. Ships
+  `reference/codex-tools.md`, `reference/gemini-tools.md`, `AGENTS.md`
+  (Codex), `GEMINI.md` (Gemini). The `gdd-state` MCP server works on all
+  three harnesses; harness detection is runtime-driven.
+- **E2E headless integration test** — `tests/e2e-headless.test.ts` with a
+  dry-run variant (always runs) and a live variant (gated on
+  `ANTHROPIC_API_KEY`). CI workflow gains an `e2e-headless` job.
+- **Phase 21 regression baseline** at `test-fixture/baselines/phase-21/` —
+  directory list, module list, agent list, connections list, CLI
+  subcommand list, event-type list. Enforced by
+  `tests/phase-21-baseline.test.cjs`.
+
+### Changed
+
+- `@anthropic-ai/claude-agent-sdk` added as a runtime dependency (was
+  previously only referenced in docs).
+- `package.json` `bin` now exports `gdd-sdk` in addition to
+  `get-design-done` and `gdd-state-mcp`.
+- `package.json` `files` adds `bin/` to the publish include list so the
+  `gdd-sdk` trampoline ships with the npm package.
+- `package.json` `keywords` expanded with headless / CLI / cross-harness
+  tokens (`headless`, `cli`, `codex`, `gemini`, `mcp`, `parallel-agents`,
+  `agent-sdk`) for npm search surface.
+
+### Infrastructure
+
+- New regression baseline at `test-fixture/baselines/phase-21/`.
+- CI workflow gains an `e2e-headless` job (dry-run on every PR; live on
+  main-branch push with `ANTHROPIC_API_KEY` secret).
+- `tests/semver-compare.test.cjs` `OFF_CADENCE_VERSIONS` now includes
+  `1.21.0` as the second off-cadence minor bump after `1.20.0`.
+
+---
+
 ## [1.20.0] — 2026-04-24
 
 Phase 20 SDK foundation milestone — the shift from "design pipeline" to "typed SDK + MCP server + resilience primitives + event stream". 16 plans (20-00 through 20-15), 50+ commits, 645+ tests.

package/README.md

@@ -29,7 +29,7 @@ npx @hegemonart/get-design-done@latest
 
 <br>
 
-[Why I Built This](#why-i-built-this) · [How It Works](#how-it-works) · [Canvas Tools](#ai-native-canvas-tools) · [Component Generators](#component-generators) · [Commands](#commands) · [Connections](#connections) · [Why It Works](#why-it-works)
+[Why I Built This](#why-i-built-this) · [How It Works](#how-it-works) · [Headless SDK](#headless-sdk) · [Canvas Tools](#ai-native-canvas-tools) · [Component Generators](#component-generators) · [Commands](#commands) · [Connections](#connections) · [Why It Works](#why-it-works)
 
 </div>
 
@@ -104,17 +104,27 @@ Built-in quality gates catch real problems: Handoff Faithfulness scoring on Clau
 - **Component generators** — 21st.dev Magic MCP adds a prior-art gate before any greenfield build; Magic Patterns generates DS-aware components with a `preview_url` for visual verification. Both feed into a shared `design-component-generator` agent.
 - **Twelve tool connections** — Four new connections (paper.design, pencil.dev, 21st.dev, Magic Patterns) join the original eight. All are optional; the pipeline degrades gracefully to fallbacks when any connection is unavailable.
 
-## What's New in v1.20.0
+## What's New in v1.21.0
 
-**Resilience primitives** (headline upgrade) — the pipeline now survives Anthropic API rate limits, 429 responses, and context-overflow errors without manual restart. New modules: jittered backoff, rate-guard, error-classifier, iteration-budget. See [`reference/error-recovery.md`](reference/error-recovery.md) for the recovery protocol. Connection probes and long-running loops use these primitives instead of fixed sleeps.
+**Headless SDK** (headline upgrade) — the plugin now ships a `gdd-sdk` CLI that runs the full design pipeline without Claude Code. Five subcommands (`run`, `stage`, `query`, `audit`, `init`) work on any CI runner with Node 22+ and an `ANTHROPIC_API_KEY`. See the [Headless SDK](#headless-sdk) section below for examples.
 
-**Typed state core** — `.design/STATE.md` mutations are now lockfile-safe. Parallel executors can concurrently update `task_progress` and `<blockers>` on the same file with zero corruption — validated by a 4-way race-condition test (2000 concurrent ops, <60s). The legacy `Read → regex → Write` pattern is deprecated in favor of the typed API.
+**Parallel researchers** — four new runners execute concurrent specialized agents with a streaming synthesizer: `explore-parallel-runner` (4 mappers: token, component-taxonomy, a11y, visual-hierarchy), `discuss-parallel-runner` (N discussants: user-journey, technical-constraint, brand-fit, accessibility), and `init-runner` (4 researchers for `gdd-sdk init` bootstrap). A `pipeline-runner` state machine orchestrates brief → explore → plan → design → verify with retry-once, halt logic, and human-gate callbacks.
 
-**`gdd-state` MCP server** — 11 typed tools (`gdd_state__get`, `__update_progress`, `__transition_stage`, `__add_blocker`, `__resolve_blocker`, `__add_decision`, `__add_must_have`, `__set_status`, `__checkpoint`, `__probe_connections`, `__frontmatter_update`) replace ad-hoc STATE.md edits. Every mutation emits a typed event to `.design/telemetry/events.jsonl`, giving downstream consumers a structured audit trail next to the existing `costs.jsonl` cost stream.
+**Cross-harness portability** — the plugin runs unchanged on Claude Code, OpenAI Codex CLI, and Gemini CLI. Codex auto-loads [`AGENTS.md`](AGENTS.md); Gemini auto-loads [`GEMINI.md`](GEMINI.md). Tool-name translations live in [`reference/codex-tools.md`](reference/codex-tools.md) and [`reference/gemini-tools.md`](reference/gemini-tools.md). The `gdd-state` MCP server works on all three harnesses.
 
-**TypeScript foundation** — `tsc --noEmit` typechecks the whole SDK; JSON schemas codegen to `reference/schemas/generated.d.ts`; hooks + Tier-1 scripts migrated to `.ts` and executed directly via Node 22 `--experimental-strip-types` (no bundler step).
+**Session primitives** — `session-runner` (typed wrapper around `@anthropic-ai/claude-agent-sdk` with USD/token budget caps, turn caps, transcript capture), `context-engine` (per-stage file manifest + markdown-aware truncation preserving frontmatter, headings, and first paragraph of each section), `tool-scoping` (per-stage allowed-tools enforcement with per-agent frontmatter overrides), and a structured `logger` (leveled, JSONL in headless mode, ANSI-colored in interactive mode).
 
-**Prompt sanitizer** — strips interactive-only constructs (AskUserQuestion, STOP, `/gdd:` slash commands) from skill bodies. Preparatory work for headless-runner support.
+**E2E headless integration test** — `tests/e2e-headless.test.ts` with a dry-run variant (always runs) and a live variant gated on `ANTHROPIC_API_KEY`. CI gains an `e2e-headless` job.
+
+### Previously in v1.20.0
+
+**Resilience primitives** — the pipeline survives Anthropic API rate limits, 429 responses, and context-overflow errors without manual restart. Modules: jittered backoff, rate-guard, error-classifier, iteration-budget. See [`reference/error-recovery.md`](reference/error-recovery.md).
+
+**Typed state core** — `.design/STATE.md` mutations are lockfile-safe. Parallel executors concurrently update `task_progress` and `<blockers>` on the same file with zero corruption (validated by 4-way race-condition test, 2000 concurrent ops, <60s).
+
+**`gdd-state` MCP server** — 11 typed tools (`gdd_state__get`, `__update_progress`, `__transition_stage`, `__add_blocker`, `__resolve_blocker`, `__add_decision`, `__add_must_have`, `__set_status`, `__checkpoint`, `__probe_connections`, `__frontmatter_update`) replace ad-hoc STATE.md edits. Every mutation emits a typed event to `.design/telemetry/events.jsonl`.
+
+**TypeScript foundation** — `tsc --noEmit` typechecks the whole SDK; JSON schemas codegen to `reference/schemas/generated.d.ts`; hooks + Tier-1 scripts migrated to `.ts` and executed directly via Node 22 `--experimental-strip-types`.
 
 ---
 
@@ -490,6 +500,37 @@ The watcher writes `.design/authority-report.md` — new entries classified into
 
 ---
 
+## Headless SDK
+
+Run the full GDD pipeline without Claude Code:
+
+```bash
+npx gdd-sdk init                      # bootstrap a new project
+npx gdd-sdk run                       # full pipeline (brief → verify)
+npx gdd-sdk stage explore --parallel  # single stage with parallel mappers
+npx gdd-sdk query position            # typed STATE.md read
+npx gdd-sdk audit --baseline <dir>    # regression check
+```
+
+Requires Node 22+ and an `ANTHROPIC_API_KEY`. Works on any CI runner.
+
+Internally the SDK stitches together the Phase-21 runner modules:
+`session-runner` (budget + turn cap + transcript), `context-engine` (per-stage
+file manifest + markdown truncation), `tool-scoping` (per-stage allowed-tools),
+`pipeline-runner` (brief → verify state machine with retry-once + human-gate
+callbacks), and `explore-parallel` / `discuss-parallel` / `init` for the
+concurrent researcher stages.
+
+### Cross-harness
+
+The plugin runs unchanged on Claude Code, OpenAI Codex CLI, and Gemini CLI.
+See [`reference/codex-tools.md`](reference/codex-tools.md) and
+[`reference/gemini-tools.md`](reference/gemini-tools.md) for the tool
+translations; Codex auto-loads [`AGENTS.md`](AGENTS.md) and Gemini auto-loads
+[`GEMINI.md`](GEMINI.md). The `gdd-state` MCP server works on all three.
+
+---
+
 ## AI-Native Canvas Tools
 
 get-design-done integrates with canvas tools that treat the design canvas as both source AND destination — enabling a full canvas→code→verify→canvas round-trip.

package/bin/gdd-sdk

@@ -0,0 +1,55 @@
+#!/usr/bin/env node
+// bin/gdd-sdk — Plan 21-09 Task 7 (SDK-21).
+//
+// CJS trampoline: spawns `node --experimental-strip-types` against the
+// real TS entry point in `scripts/lib/cli/index.ts` and forwards argv +
+// exit code. Windows-compatible (npm's generated .cmd shim on Windows
+// has no way to inject the --experimental-strip-types flag otherwise).
+//
+// Why a trampoline:
+//   POSIX shebangs can use `#!/usr/bin/env -S node --experimental-strip-types`,
+//   but Windows cmd.exe does not honor shebangs. npm's auto-generated
+//   .cmd shim invokes plain `node bin/gdd-sdk` without passing the
+//   experimental flag. The trampoline re-launches node with the flag
+//   explicitly so both platforms end up at the same TS entry.
+
+'use strict';
+
+const { spawn } = require('node:child_process');
+const path = require('node:path');
+
+const entry = path.resolve(
+  __dirname,
+  '..',
+  'scripts',
+  'lib',
+  'cli',
+  'index.ts',
+);
+
+const child = spawn(
+  process.execPath,
+  ['--experimental-strip-types', entry, ...process.argv.slice(2)],
+  { stdio: 'inherit', shell: false },
+);
+
+child.on('exit', (code, signal) => {
+  if (signal) {
+    // Re-raise the signal to ourselves so the parent shell sees the same
+    // termination mode (e.g., Ctrl+C propagates as SIGINT exit).
+    try {
+      process.kill(process.pid, signal);
+    } catch {
+      process.exit(1);
+    }
+    return;
+  }
+  process.exit(typeof code === 'number' ? code : 0);
+});
+
+child.on('error', (err) => {
+  // Failure to spawn node itself — extremely rare; surface to stderr.
+  // eslint-disable-next-line no-console
+  console.error('gdd-sdk: failed to launch TypeScript entry:', err.message);
+  process.exit(3);
+});

package/hooks/_hook-emit.js

@@ -0,0 +1,81 @@
+/**
+ * hooks/_hook-emit.js — shared `hook.fired` emitter for Phase 22 wire-in
+ * (Plan 22-09).
+ *
+ * Hooks must NEVER throw on telemetry failure — a broken event stream
+ * cannot block a tool call. This helper wraps appendEvent in try/catch
+ * and silently swallows.
+ *
+ * Why a wrapper instead of importing directly:
+ *   * Centralizes the try/catch so each hook stays terse.
+ *   * Loads the .ts event-stream lazily — hooks invoked via plain `node`
+ *     (no --experimental-strip-types) just no-op on telemetry instead
+ *     of crashing. The hooks.json registrations vary on whether they
+ *     pass --experimental-strip-types, and we don't want to forbid
+ *     plain-node invocation paths.
+ *   * Single place to add structured event sinks later (e.g. mirror to
+ *     CLI transport) without touching every hook file.
+ *
+ * Usage:
+ *   const { emitHookFired } = require('./_hook-emit.js');
+ *   // …decision computed…
+ *   emitHookFired('budget-enforcer', 'allow');
+ */
+
+'use strict';
+
+let cachedAppendEvent = null;
+let resolutionAttempted = false;
+
+/**
+ * Lazy-resolve `appendEvent` — only loads the event-stream module the
+ * first time a hook fires. Falls back to a no-op if the module is not
+ * loadable in the current runtime (e.g. plain `node` without
+ * --experimental-strip-types).
+ *
+ * @returns {(ev: unknown) => void}
+ */
+function getAppendEvent() {
+  if (cachedAppendEvent !== null || resolutionAttempted) {
+    return cachedAppendEvent || (() => {});
+  }
+  resolutionAttempted = true;
+  try {
+    // event-stream/index.ts requires --experimental-strip-types. Try
+    // require()'ing — if Node refuses to parse `.ts`, we silently fall
+    // back to no-op.
+    // eslint-disable-next-line node/no-missing-require, global-require
+    cachedAppendEvent = require('../scripts/lib/event-stream/index.ts').appendEvent;
+    return cachedAppendEvent;
+  } catch {
+    cachedAppendEvent = null;
+    return () => {};
+  }
+}
+
+/**
+ * Emit a `hook.fired` event. Silent on every failure mode.
+ *
+ * @param {string} hookName
+ * @param {string} decision
+ * @param {Record<string, unknown>} [extras] — opaque additional payload fields
+ */
+function emitHookFired(hookName, decision, extras) {
+  try {
+    const appendEvent = getAppendEvent();
+    const payload = { hook: hookName, decision };
+    if (extras && typeof extras === 'object') {
+      Object.assign(payload, extras);
+    }
+    appendEvent({
+      type: 'hook.fired',
+      timestamp: new Date().toISOString(),
+      sessionId: process.env.GDD_SESSION_ID || 'hook',
+      payload,
+    });
+  } catch {
+    /* hooks must never throw on telemetry */
+  }
+}
+
+module.exports = { emitHookFired };

package/hooks/gdd-bash-guard.js

@@ -15,6 +15,7 @@
 
 const path = require('path');
 const { match } = require(path.join(__dirname, '..', 'scripts', 'lib', 'dangerous-patterns.cjs'));
+const { emitHookFired } = require('./_hook-emit.js'); // Plan 22-09 wire-in
 
 async function main() {
   let buf = '';
@@ -22,11 +23,13 @@ async function main() {
 
   let payload;
   try { payload = JSON.parse(buf || '{}'); } catch {
+    emitHookFired('gdd-bash-guard', 'allow', { reason: 'parse-error' });
     process.stdout.write(JSON.stringify({ continue: true }));
     return;
   }
 
   if (payload?.tool_name && payload.tool_name !== 'Bash') {
+    emitHookFired('gdd-bash-guard', 'allow', { reason: 'non-bash-tool' });
     process.stdout.write(JSON.stringify({ continue: true }));
     return;
   }
@@ -34,6 +37,10 @@ async function main() {
   const command = payload?.tool_input?.command ?? '';
   const r = match(command);
   if (r.matched) {
+    emitHookFired('gdd-bash-guard', 'block', {
+      severity: r.severity,
+      pattern: r.pattern,
+    });
     process.stdout.write(JSON.stringify({
       continue: false,
       stopReason: `gdd-bash-guard: dangerous command blocked (${r.severity}): ${r.description} [${r.pattern}]`,
@@ -41,6 +48,7 @@ async function main() {
     return;
   }
 
+  emitHookFired('gdd-bash-guard', 'allow', { reason: 'no-match' });
   process.stdout.write(JSON.stringify({ continue: true }));
 }
 

package/hooks/gdd-decision-injector.js

@@ -203,10 +203,12 @@ async function main() {
   const backendLabel = BACKEND || (useRgGlobal ? 'ripgrep' : 'node-grep');
   const block = buildRecallBlock(hits, basename, backendLabel);
   if (!block) {
+    try { require('./_hook-emit.js').emitHookFired('gdd-decision-injector', 'no-hits', { backend: backendLabel }); } catch { /* swallow */ }
     process.stdout.write(JSON.stringify({ continue: true }));
     return;
   }
 
+  try { require('./_hook-emit.js').emitHookFired('gdd-decision-injector', 'inject', { backend: backendLabel, hit_count: hits.length }); } catch { /* swallow */ }
   process.stdout.write(JSON.stringify({
     continue: true,
     hookSpecificOutput: { hookEventName: 'PreToolUse', additionalContext: block },

package/hooks/gdd-protected-paths.js

@@ -98,6 +98,11 @@ async function main() {
       : cand.replace(/\\/g, '/');
     const r = matches(rel, protectedPaths);
     if (r.matched) {
+      try {
+        require('./_hook-emit.js').emitHookFired('gdd-protected-paths', 'block', {
+          path: rel, pattern: r.pattern,
+        });
+      } catch { /* swallow */ }
       process.stdout.write(JSON.stringify({
         continue: false,
         stopReason: `gdd-protected-paths: '${rel}' is a protected path (matched '${r.pattern}'). To override, lift the path from the default glob list or explicitly edit via an approved workflow (e.g., /gdd:update, plan execution).`,
@@ -106,6 +111,9 @@ async function main() {
     }
   }
 
+  try {
+    require('./_hook-emit.js').emitHookFired('gdd-protected-paths', 'allow');
+  } catch { /* swallow */ }
   process.stdout.write(JSON.stringify({ continue: true }));
 }