@howlil/ez-agents 3.1.0 → 3.4.1

package/commands/ez/auth.md

@@ -0,0 +1,87 @@
+---
+name: ez:auth
+description: Manage API credentials securely (save, list, delete)
+argument-hint: "<save|list|delete|test> [provider] [secret]"
+agent: ez-helper
+allowed-tools:
+  - Read
+  - Bash
+---
+<objective>
+Manage API credentials securely using system keychain or fallback file storage
+
+**Subcommands:**
+- `ez:auth save <provider> <secret>` — Save credential for provider
+- `ez:auth list` — List all stored providers
+- `ez:auth delete <provider>` — Delete credential for provider
+- `ez:auth test` — Test credential system and show keychain status
+
+**Providers:** anthropic, moonshot, alibaba, qwen, openai
+</objective>
+
+<execution_context>
+@~/.claude/ez-agents/workflows/ez-helper.md
+</execution_context>
+
+<context>
+@.planning/PROJECT.md
+@.planning/STATE.md
+
+# Credential storage module:
+@ez-agents/bin/lib/auth.cjs
+
+# EZ tools CLI:
+@ez-agents/bin/ez-tools.cjs
+</context>
+
+<process>
+## Subcommand Routing
+
+1. **Parse arguments** — First arg is subcommand (save/list/delete/test), remaining are parameters
+2. **Route to handler** — Call appropriate auth function from ez-tools.cjs
+3. **Output result** — Show success/failure with user-friendly messages
+
+## Handlers
+
+### save <provider> <secret>
+1. Validate provider name against known providers
+2. Call saveCredential(provider, secret)
+3. Output: "✓ Credential saved for {provider}" or error message
+
+### list
+1. Call listProviders()
+2. Check isKeychainAvailable()
+3. Output table:
+   ```
+   Provider       Storage
+   ─────────────────────────
+   anthropic      Keychain ✓
+   qwen           File (fallback)
+   ```
+4. If using file storage, show warning: "⚠ Using file storage — consider installing keytar for better security"
+
+### delete <provider>
+1. Validate provider exists
+2. Confirm deletion (ask user or require --force)
+3. Call deleteCredential(provider)
+4. Output: "✓ Credential deleted for {provider}"
+
+### test
+1. Check isKeychainAvailable()
+2. Output:
+   ```
+   Credential System Test
+   
+   Keychain (keytar): {Available | Unavailable}
+   Storage mode: {System keychain | Fallback file}
+   
+   Stored providers: {count}
+   ```
+3. If keytar unavailable, show install hint: "npm install keytar"
+
+## Error Handling
+
+- **Invalid provider:** "Unknown provider '{name}'. Valid: anthropic, moonshot, alibaba, qwen, openai"
+- **Credential not found:** "No credential found for {provider}. Use 'save' to add one."
+- **Keychain error:** "Failed to access keychain: {error}. Using fallback storage."
+</process>

package/commands/ez/join-discord.md

@@ -12,7 +12,7 @@ Display the Discord invite link for the EZ Agents community server.
 
 Connect with other EZ Agents users, get help, share what you're building, and stay updated.
 
-**Invite link:** https://discord.gg/gsd
+**Invite link:** https://discord.gg/ez-agents
 
 Click the link or paste it into your browser to join.
 </output>

package/ez-agents/bin/ez-tools.cjs

@@ -139,6 +139,8 @@ const milestone = require('./lib/milestone.cjs');
 const commands = require('./lib/commands.cjs');
 const init = require('./lib/init.cjs');
 const frontmatter = require('./lib/frontmatter.cjs');
+const HealthCheck = require('./lib/health-check.cjs');
+const auth = require('./lib/auth.cjs');
 
 // ─── CLI Router ───────────────────────────────────────────────────────────────
 
@@ -172,7 +174,7 @@ async function main() {
   const command = args[0];
 
   if (!command) {
-    error('Usage: ez-tools <command> [args] [--raw] [--cwd <path>]\nCommands: state, resolve-model, find-phase, commit, verify-summary, verify, frontmatter, template, generate-slug, current-timestamp, list-todos, verify-path-exists, config-ensure-section, init');
+    error('Usage: ez-tools <command> [args] [--raw] [--cwd <path>]\nCommands: state, resolve-model, find-phase, commit, verify-summary, verify, frontmatter, template, generate-slug, current-timestamp, list-todos, verify-path-exists, config-ensure-section, init, health');
   }
 
   switch (command) {
@@ -247,6 +249,122 @@ async function main() {
       break;
     }
 
+    case 'health': {
+      const health = new HealthCheck();
+      const result = health.runAll();
+      console.log(JSON.stringify(result, null, 2));
+      break;
+    }
+
+    case 'auth': {
+      const subcommand = args[1];
+      if (!subcommand) {
+        error('Usage: ez-tools auth <save|list|delete|test> [provider] [secret]\nSubcommands: save, list, delete, test');
+      }
+
+      switch (subcommand) {
+        case 'save': {
+          const provider = args[2];
+          const secret = args[3];
+          if (!provider || !secret) {
+            error('Usage: ez-tools auth save <provider> <secret>');
+          }
+          const success = await auth.saveCredential(provider, secret);
+          if (success) {
+            console.log(`✓ Credential saved for ${provider}`);
+          } else {
+            console.error('Failed to save credential');
+            process.exit(1);
+          }
+          break;
+        }
+
+        case 'list': {
+          const providers = await auth.listProviders();
+          const usingKeychain = auth.isKeychainAvailable();
+          
+          console.log('');
+          console.log('Provider       Storage');
+          console.log('─────────────────────────');
+          if (providers.length === 0) {
+            console.log('No credentials stored');
+          } else {
+            for (const p of providers) {
+              const storage = usingKeychain ? 'Keychain ✓' : 'File (fallback)';
+              console.log(`${p.padEnd(14)} ${storage}`);
+            }
+          }
+          if (!usingKeychain) {
+            console.log('');
+            console.log('⚠ Using file storage — consider installing keytar for better security');
+          }
+          break;
+        }
+
+        case 'delete': {
+          const provider = args[2];
+          const force = args.includes('--force');
+          if (!provider) {
+            error('Usage: ez-tools auth delete <provider> [--force]');
+          }
+          
+          if (!force) {
+            const readline = require('readline');
+            const rl = readline.createInterface({
+              input: process.stdin,
+              output: process.stdout
+            });
+            
+            const answer = await new Promise(resolve => {
+              rl.question(`Delete credential for ${provider}? [y/N] `, resolve);
+              rl.close();
+            });
+            
+            if (answer.toLowerCase() !== 'y') {
+              console.log('Delete cancelled');
+              break;
+            }
+          }
+          
+          const success = await auth.deleteCredential(provider);
+          if (success) {
+            console.log(`✓ Credential deleted for ${provider}`);
+          } else {
+            console.error(`No credential found for ${provider}`);
+            process.exit(1);
+          }
+          break;
+        }
+
+        case 'test': {
+          const usingKeychain = auth.isKeychainAvailable();
+          const providers = await auth.listProviders();
+          
+          console.log('');
+          console.log('Credential System Test');
+          console.log('══════════════════════');
+          console.log(`Keychain (keytar): ${usingKeychain ? 'Available ✓' : 'Unavailable'}`);
+          console.log(`Storage mode: ${usingKeychain ? 'System keychain' : 'Fallback file'}`);
+          console.log('');
+          console.log(`Stored providers: ${providers.length}`);
+          if (providers.length > 0) {
+            console.log(`  ${providers.join(', ')}`);
+          }
+          if (!usingKeychain) {
+            console.log('');
+            console.log('Tip: Install keytar for better security:');
+            console.log('  npm install keytar');
+          }
+          break;
+        }
+
+        default: {
+          error('Unknown auth subcommand: ' + subcommand + '\nValid: save, list, delete, test');
+        }
+      }
+      break;
+    }
+
     case 'resolve-model': {
       commands.cmdResolveModel(cwd, args[1], raw);
       break;
@@ -526,7 +644,7 @@ async function main() {
           init.cmdInitPlanPhase(cwd, args[2], raw);
           break;
         case 'new-project':
-          init.cmdInitNewProject(cwd, raw);
+          await init.cmdInitNewProject(cwd, raw);
           break;
         case 'new-milestone':
           init.cmdInitNewMilestone(cwd, raw);

package/ez-agents/bin/lib/assistant-adapter.cjs

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 
 /**
- * GSD Assistant Adapters — Unified interface for AI coding assistants
+ * EZ Assistant Adapters — Unified interface for AI coding assistants
  * 
  * Adapters for: Claude Code, OpenCode, Gemini CLI, Codex
  * 
@@ -165,6 +165,63 @@ class CodexAdapter extends AssistantAdapter {
   }
 }
 
+/**
+ * Qwen Code adapter
+ */
+class QwenAdapter extends AssistantAdapter {
+  constructor() {
+    super('qwen');
+  }
+
+  async spawnAgent(type, options) {
+    logger.info('Qwen Code: spawning agent', { type });
+    // Qwen Code uses its own agent system
+    return { type, status: 'completed', result: '[Qwen Code agent result]' };
+  }
+
+  async callTool(tool, params) {
+    logger.info('Qwen Code: calling tool', { tool });
+    return { tool, status: 'success' };
+  }
+
+  selectModel(taskType) {
+    const models = {
+      planning: 'qwen-max',
+      execution: 'qwen-plus',
+      verification: 'qwen-plus'
+    };
+    return models[taskType] || models.execution;
+  }
+}
+
+/**
+ * Kimi Code adapter
+ */
+class KimiAdapter extends AssistantAdapter {
+  constructor() {
+    super('kimi');
+  }
+
+  async spawnAgent(type, options) {
+    logger.info('Kimi Code: spawning agent', { type });
+    return { type, status: 'completed', result: '[Kimi Code agent result]' };
+  }
+
+  async callTool(tool, params) {
+    logger.info('Kimi Code: calling tool', { tool });
+    return { tool, status: 'success' };
+  }
+
+  selectModel(taskType) {
+    const models = {
+      planning: 'moonshot-v1-32k',
+      execution: 'moonshot-v1-8k',
+      verification: 'moonshot-v1-8k'
+    };
+    return models[taskType] || models.execution;
+  }
+}
+
 /**
  * Factory function to create adapter
  * @param {string} type - Adapter type
@@ -175,7 +232,9 @@ function createAdapter(type) {
     'claude-code': ClaudeCodeAdapter,
     'opencode': OpenCodeAdapter,
     'gemini': GeminiAdapter,
-    'codex': CodexAdapter
+    'codex': CodexAdapter,
+    'qwen': QwenAdapter,
+    'kimi': KimiAdapter
   };
 
   const AdapterClass = adapters[type];
@@ -191,7 +250,7 @@ function createAdapter(type) {
  * @returns {string[]} - List of adapter names
  */
 function getAvailableAdapters() {
-  return ['claude-code', 'opencode', 'gemini', 'codex'];
+  return ['claude-code', 'opencode', 'gemini', 'codex', 'qwen', 'kimi'];
 }
 
 module.exports = {

package/ez-agents/bin/lib/audit-exec.cjs

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 
 /**
- * GSD Audit Exec — Command execution with full audit logging
+ * EZ Audit Exec — Command execution with full audit logging
  * 
  * Logs all command executions to audit file for security review:
  * - Timestamp, command, arguments, context
@@ -22,13 +22,25 @@ const logger = new Logger();
 
 const execFileAsync = promisify(execFile);
 
-// Audit log file path
-const AUDIT_DIR = join('.planning', 'logs');
-const AUDIT_FILE = join(AUDIT_DIR, `audit-${new Date().toISOString().split('T')[0]}.jsonl`);
+// Audit log file path - lazy init
+let _AUDIT_DIR;
+let _AUDIT_FILE;
 
-// Ensure audit directory exists
-if (!existsSync(AUDIT_DIR)) {
-  mkdirSync(AUDIT_DIR, { recursive: true });
+function getAuditDir() {
+  if (!_AUDIT_DIR) {
+    _AUDIT_DIR = join('.planning', 'logs');
+    if (!existsSync(_AUDIT_DIR)) {
+      mkdirSync(_AUDIT_DIR, { recursive: true });
+    }
+  }
+  return _AUDIT_DIR;
+}
+
+function getAuditFile() {
+  if (!_AUDIT_FILE) {
+    _AUDIT_FILE = join(getAuditDir(), `audit-${new Date().toISOString().split('T')[0]}.jsonl`);
+  }
+  return _AUDIT_FILE;
 }
 
 /**
@@ -37,7 +49,7 @@ if (!existsSync(AUDIT_DIR)) {
  */
 function writeAudit(entry) {
   const line = JSON.stringify(entry) + '\n';
-  appendFileSync(AUDIT_FILE, line, 'utf-8');
+  appendFileSync(getAuditFile(), line, 'utf-8');
 }
 
 /**

package/ez-agents/bin/lib/auth.cjs

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 
 /**
- * GSD Auth — Secure credential storage using system keychain
+ * EZ Auth — Secure credential storage using system keychain
  * 
  * Stores API keys securely using:
  * - keytar for system keychain (Windows Credential Manager, macOS Keychain, libsecret)
@@ -25,6 +25,7 @@ const PROVIDERS = {
   ANTHROPIC: 'anthropic',
   MOONSHOT: 'moonshot',
   ALIBABA: 'alibaba',
+  QWEN: 'qwen',
   OPENAI: 'openai'
 };
 

package/ez-agents/bin/lib/circuit-breaker.cjs

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 
 /**
- * GSD Circuit Breaker — Prevent cascading failures
+ * EZ Circuit Breaker — Prevent cascading failures
  * 
  * Implements circuit breaker pattern:
  * - CLOSED: Normal operation

package/ez-agents/bin/lib/commands.cjs

@@ -3,9 +3,9 @@
  */
 const fs = require('fs');
 const path = require('path');
-const { execSync } = require('child_process');
 const { safeReadFile, loadConfig, isGitIgnored, execGit, normalizePhaseName, comparePhaseNum, getArchivedPhaseDirs, generateSlugInternal, getMilestoneInfo, resolveModelInternal, MODEL_PROFILES, toPosixPath, output, error, findPhaseInternal } = require('./core.cjs');
 const { extractFrontmatter } = require('./frontmatter.cjs');
+const { defaultLogger: logger } = require('./logger.cjs');
 
 function cmdGenerateSlug(text, raw) {
   if (!text) {
@@ -70,9 +70,13 @@ function cmdListTodos(cwd, area, raw) {
           area: todoArea,
           path: toPosixPath(path.join('.planning', 'todos', 'pending', file)),
         });
-      } catch {}
+      } catch (err) {
+        logger.warn('Failed to parse todo file in cmdListTodos', { file, error: err.message });
+      }
     }
-  } catch {}
+  } catch (err) {
+    logger.warn('Failed to list pending todos in cmdListTodos', { pendingDir, error: err.message });
+  }
 
   const result = { count, todos };
   output(result, raw, count.toString());
@@ -90,7 +94,8 @@ function cmdVerifyPathExists(cwd, targetPath, raw) {
     const type = stats.isDirectory() ? 'directory' : stats.isFile() ? 'file' : 'other';
     const result = { exists: true, type };
     output(result, raw, 'true');
-  } catch {
+  } catch (err) {
+    logger.warn('Path verification failed in cmdVerifyPathExists', { fullPath, error: err.message });
     const result = { exists: false, type: null };
     output(result, raw, 'false');
   }
@@ -119,7 +124,9 @@ function cmdHistoryDigest(cwd, raw) {
       for (const dir of currentDirs) {
         allPhaseDirs.push({ name: dir, fullPath: path.join(phasesDir, dir), milestone: null });
       }
-    } catch {}
+    } catch (err) {
+      logger.warn('Failed to enumerate current phase directories in cmdHistoryDigest', { phasesDir, error: err.message });
+    }
   }
 
   if (allPhaseDirs.length === 0) {
@@ -177,8 +184,8 @@ function cmdHistoryDigest(cwd, raw) {
             fm['tech-stack'].added.forEach(t => digest.tech_stack.add(typeof t === 'string' ? t : t.name));
           }
 
-        } catch (e) {
-          // Skip malformed summaries
+        } catch (err) {
+          logger.warn('Skipping malformed summary in cmdHistoryDigest', { summary, dirPath, error: err.message });
         }
       }
     }
@@ -192,8 +199,9 @@ function cmdHistoryDigest(cwd, raw) {
     digest.tech_stack = [...digest.tech_stack];
 
     output(digest, raw);
-  } catch (e) {
-    error('Failed to generate history digest: ' + e.message);
+  } catch (err) {
+    logger.error('Failed to generate history digest', { error: err.message });
+    error('Failed to generate history digest: ' + err.message);
   }
 }
 
@@ -213,7 +221,7 @@ function cmdResolveModel(cwd, agentType, raw) {
   output(result, raw, model);
 }
 
-function cmdCommit(cwd, message, files, raw, amend) {
+async function cmdCommit(cwd, message, files, raw, amend) {
   if (!message && !amend) {
     error('commit message required');
   }
@@ -228,7 +236,7 @@ function cmdCommit(cwd, message, files, raw, amend) {
   }
 
   // Check if .planning is gitignored
-  if (isGitIgnored(cwd, '.planning')) {
+  if (await isGitIgnored(cwd, '.planning')) {
     const result = { committed: false, hash: null, reason: 'skipped_gitignored' };
     output(result, raw, 'skipped');
     return;
@@ -237,12 +245,12 @@ function cmdCommit(cwd, message, files, raw, amend) {
   // Stage files
   const filesToStage = files && files.length > 0 ? files : ['.planning/'];
   for (const file of filesToStage) {
-    execGit(cwd, ['add', file]);
+    await execGit(cwd, ['add', file]);
   }
 
   // Commit
   const commitArgs = amend ? ['commit', '--amend', '--no-edit'] : ['commit', '-m', message];
-  const commitResult = execGit(cwd, commitArgs);
+  const commitResult = await execGit(cwd, commitArgs);
   if (commitResult.exitCode !== 0) {
     if (commitResult.stdout.includes('nothing to commit') || commitResult.stderr.includes('nothing to commit')) {
       const result = { committed: false, hash: null, reason: 'nothing_to_commit' };
@@ -255,7 +263,7 @@ function cmdCommit(cwd, message, files, raw, amend) {
   }
 
   // Get short hash
-  const hashResult = execGit(cwd, ['rev-parse', '--short', 'HEAD']);
+  const hashResult = await execGit(cwd, ['rev-parse', '--short', 'HEAD']);
   const hash = hashResult.exitCode === 0 ? hashResult.stdout : null;
   const result = { committed: true, hash, reason: 'committed' };
   output(result, raw, hash || 'committed');
@@ -375,6 +383,7 @@ async function cmdWebsearch(query, options, raw) {
       results
     }, raw, results.map(r => `${r.title}\n${r.url}\n${r.description}`).join('\n\n'));
   } catch (err) {
+    logger.warn('Websearch request failed in cmdWebsearch', { query, error: err.message });
     output({ available: false, error: err.message }, raw, '');
   }
 }
@@ -411,7 +420,9 @@ function cmdProgressRender(cwd, format, raw) {
 
       phases.push({ number: phaseNum, name: phaseName, plans, summaries, status });
     }
-  } catch {}
+  } catch (err) {
+    logger.warn('Failed to enumerate phase directories in cmdProgressRender', { phasesDir, error: err.message });
+  }
 
   const percent = totalPlans > 0 ? Math.min(100, Math.round((totalSummaries / totalPlans) * 100)) : 0;
 
@@ -492,7 +503,7 @@ function cmdScaffold(cwd, type, options, raw) {
   switch (type) {
     case 'context': {
       filePath = path.join(phaseDir, `${padded}-CONTEXT.md`);
-      content = `---\nphase: "${padded}"\nname: "${name || phaseInfo?.phase_name || 'Unnamed'}"\ncreated: ${today}\n---\n\n# Phase ${phase}: ${name || phaseInfo?.phase_name || 'Unnamed'} — Context\n\n## Decisions\n\n_Decisions will be captured during /gsd:discuss-phase ${phase}_\n\n## Discretion Areas\n\n_Areas where the executor can use judgment_\n\n## Deferred Ideas\n\n_Ideas to consider later_\n`;
+      content = `---\nphase: "${padded}"\nname: "${name || phaseInfo?.phase_name || 'Unnamed'}"\ncreated: ${today}\n---\n\n# Phase ${phase}: ${name || phaseInfo?.phase_name || 'Unnamed'} — Context\n\n## Decisions\n\n_Decisions will be captured during /ez-discuss-phase ${phase}_\n\n## Discretion Areas\n\n_Areas where the executor can use judgment_\n\n## Deferred Ideas\n\n_Ideas to consider later_\n`;
       break;
     }
     case 'uat': {
@@ -532,7 +543,7 @@ function cmdScaffold(cwd, type, options, raw) {
   output({ created: true, path: relPath }, raw, relPath);
 }
 
-function cmdStats(cwd, format, raw) {
+async function cmdStats(cwd, format, raw) {
   const phasesDir = path.join(cwd, '.planning', 'phases');
   const reqPath = path.join(cwd, '.planning', 'REQUIREMENTS.md');
   const statePath = path.join(cwd, '.planning', 'STATE.md');
@@ -566,7 +577,9 @@ function cmdStats(cwd, format, raw) {
 
       phases.push({ number: phaseNum, name: phaseName, plans, summaries, status });
     }
-  } catch {}
+  } catch (err) {
+    logger.warn('Failed to enumerate phase directories in cmdStats', { phasesDir, error: err.message });
+  }
 
   const percent = totalPlans > 0 ? Math.min(100, Math.round((totalSummaries / totalPlans) * 100)) : 0;
 
@@ -581,7 +594,9 @@ function cmdStats(cwd, format, raw) {
       requirementsComplete = checked ? checked.length : 0;
       requirementsTotal = requirementsComplete + (unchecked ? unchecked.length : 0);
     }
-  } catch {}
+  } catch (err) {
+    logger.warn('Failed to parse REQUIREMENTS.md in cmdStats', { reqPath, error: err.message });
+  }
 
   // Last activity from STATE.md
   let lastActivity = null;
@@ -591,17 +606,21 @@ function cmdStats(cwd, format, raw) {
       const activityMatch = stateContent.match(/\*\*Last Activity:\*\*\s*(.+)/);
       if (activityMatch) lastActivity = activityMatch[1].trim();
     }
-  } catch {}
+  } catch (err) {
+    logger.warn('Failed to read STATE.md in cmdStats', { statePath, error: err.message });
+  }
 
   // Git stats
   let gitCommits = 0;
   let gitFirstCommitDate = null;
   try {
-    const commitCount = execGit(cwd, ['rev-list', '--count', 'HEAD']);
+    const commitCount = await execGit(cwd, ['rev-list', '--count', 'HEAD']);
     gitCommits = parseInt(commitCount.trim(), 10) || 0;
-    const firstDate = execGit(cwd, ['log', '--reverse', '--format=%as', '--max-count=1']);
+    const firstDate = await execGit(cwd, ['log', '--reverse', '--format=%as', '--max-count=1']);
     gitFirstCommitDate = firstDate.trim() || null;
-  } catch {}
+  } catch (err) {
+    logger.warn('Failed to compute git stats in cmdStats', { cwd, error: err.message });
+  }
 
   const completedPhases = phases.filter(p => p.status === 'Complete').length;
 

package/ez-agents/bin/lib/config.cjs

@@ -5,6 +5,7 @@
 const fs = require('fs');
 const path = require('path');
 const { output, error } = require('./core.cjs');
+const { safePlanningWriteSync } = require('./planning-write.cjs');
 
 const VALID_CONFIG_KEYS = new Set([
   'mode', 'granularity', 'parallelization', 'commit_docs', 'model_profile',
@@ -36,16 +37,22 @@ function cmdConfigEnsureSection(cwd, raw) {
     return;
   }
 
-  // Detect Brave Search API key availability
+  // Detect Brave Search API key availability (prefer ~/.ez)
   const homedir = require('os').homedir();
-  const braveKeyFile = path.join(homedir, '.gsd', 'brave_api_key');
-  const hasBraveSearch = !!(process.env.BRAVE_API_KEY || fs.existsSync(braveKeyFile));
-
-  // Load user-level defaults from ~/.gsd/defaults.json if available
-  const globalDefaultsPath = path.join(homedir, '.gsd', 'defaults.json');
+  const braveKeyCandidates = [
+    path.join(homedir, '.ez', 'brave_api_key'),
+  ];
+  const hasBraveSearch = !!(process.env.BRAVE_API_KEY || braveKeyCandidates.some(p => fs.existsSync(p)));
+
+  // Load user-level defaults from ~/.ez/defaults.json
+  const defaultsCandidates = [
+    path.join(homedir, '.ez', 'defaults.json'),
+  ];
+  const existingDefaultsPath = defaultsCandidates.find(p => fs.existsSync(p));
+  const globalDefaultsPath = existingDefaultsPath || defaultsCandidates[0];
   let userDefaults = {};
   try {
-    if (fs.existsSync(globalDefaultsPath)) {
+    if (existingDefaultsPath) {
       userDefaults = JSON.parse(fs.readFileSync(globalDefaultsPath, 'utf-8'));
       // Migrate deprecated "depth" key to "granularity"
       if ('depth' in userDefaults && !('granularity' in userDefaults)) {
@@ -65,8 +72,8 @@ function cmdConfigEnsureSection(cwd, raw) {
     commit_docs: true,
     search_gitignored: false,
     branching_strategy: 'none',
-    phase_branch_template: 'gsd/phase-{phase}-{slug}',
-    milestone_branch_template: 'gsd/{milestone}-{slug}',
+    phase_branch_template: 'ez/phase-{phase}-{slug}',
+    milestone_branch_template: 'ez/{milestone}-{slug}',
     workflow: {
       research: true,
       plan_check: true,
@@ -83,7 +90,7 @@ function cmdConfigEnsureSection(cwd, raw) {
   };
 
   try {
-    fs.writeFileSync(configPath, JSON.stringify(defaults, null, 2), 'utf-8');
+    safePlanningWriteSync(configPath, JSON.stringify(defaults, null, 2));
     const result = { created: true, path: '.planning/config.json' };
     output(result, raw, 'created');
   } catch (err) {
@@ -132,7 +139,7 @@ function cmdConfigSet(cwd, keyPath, value, raw) {
 
   // Write back
   try {
-    fs.writeFileSync(configPath, JSON.stringify(config, null, 2), 'utf-8');
+    safePlanningWriteSync(configPath, JSON.stringify(config, null, 2));
     const result = { updated: true, key: keyPath, value: parsedValue };
     output(result, raw, `${keyPath}=${parsedValue}`);
   } catch (err) {