npm - @opengsd/gsd-core - Versions diffs - 1.2.0-rc.1 - Mend

@opengsd/gsd-core 1.2.0-rc.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (503) hide show

package/LICENSE +21 -0
package/README.ja-JP.md +870 -0
package/README.ko-KR.md +861 -0
package/README.md +301 -0
package/README.pt-BR.md +492 -0
package/README.zh-CN.md +842 -0
package/agents/gsd-advisor-researcher.md +127 -0
package/agents/gsd-ai-researcher.md +133 -0
package/agents/gsd-assumptions-analyzer.md +105 -0
package/agents/gsd-code-fixer.md +668 -0
package/agents/gsd-code-reviewer.md +387 -0
package/agents/gsd-codebase-mapper.md +853 -0
package/agents/gsd-debug-session-manager.md +314 -0
package/agents/gsd-debugger.md +1452 -0
package/agents/gsd-doc-classifier.md +168 -0
package/agents/gsd-doc-synthesizer.md +204 -0
package/agents/gsd-doc-verifier.md +217 -0
package/agents/gsd-doc-writer.md +615 -0
package/agents/gsd-domain-researcher.md +153 -0
package/agents/gsd-eval-auditor.md +191 -0
package/agents/gsd-eval-planner.md +154 -0
package/agents/gsd-executor.md +772 -0
package/agents/gsd-framework-selector.md +160 -0
package/agents/gsd-integration-checker.md +470 -0
package/agents/gsd-intel-updater.md +342 -0
package/agents/gsd-nyquist-auditor.md +203 -0
package/agents/gsd-pattern-mapper.md +335 -0
package/agents/gsd-phase-researcher.md +928 -0
package/agents/gsd-plan-checker.md +978 -0
package/agents/gsd-planner.md +1218 -0
package/agents/gsd-project-researcher.md +677 -0
package/agents/gsd-research-synthesizer.md +255 -0
package/agents/gsd-roadmapper.md +688 -0
package/agents/gsd-security-auditor.md +155 -0
package/agents/gsd-ui-auditor.md +495 -0
package/agents/gsd-ui-checker.md +309 -0
package/agents/gsd-ui-researcher.md +380 -0
package/agents/gsd-user-profiler.md +171 -0
package/agents/gsd-verifier.md +917 -0
package/bin/install.js +10936 -0
package/bin/lib/ui-safety-gate.cjs +107 -0
package/commands/gsd/add-tests.md +42 -0
package/commands/gsd/ai-integration-phase.md +37 -0
package/commands/gsd/audit-fix.md +34 -0
package/commands/gsd/audit-milestone.md +37 -0
package/commands/gsd/audit-uat.md +24 -0
package/commands/gsd/autonomous.md +46 -0
package/commands/gsd/capture.md +62 -0
package/commands/gsd/cleanup.md +24 -0
package/commands/gsd/code-review.md +59 -0
package/commands/gsd/complete-milestone.md +143 -0
package/commands/gsd/config.md +56 -0
package/commands/gsd/debug.md +52 -0
package/commands/gsd/discuss-phase.md +76 -0
package/commands/gsd/docs-update.md +49 -0
package/commands/gsd/eval-review.md +33 -0
package/commands/gsd/execute-phase.md +64 -0
package/commands/gsd/explore.md +27 -0
package/commands/gsd/extract-learnings.md +23 -0
package/commands/gsd/fast.md +31 -0
package/commands/gsd/forensics.md +57 -0
package/commands/gsd/graphify.md +199 -0
package/commands/gsd/health.md +31 -0
package/commands/gsd/help.md +28 -0
package/commands/gsd/import.md +41 -0
package/commands/gsd/inbox.md +39 -0
package/commands/gsd/ingest-docs.md +42 -0
package/commands/gsd/manager.md +45 -0
package/commands/gsd/map-codebase.md +83 -0
package/commands/gsd/milestone-summary.md +51 -0
package/commands/gsd/mvp-phase.md +45 -0
package/commands/gsd/new-milestone.md +45 -0
package/commands/gsd/new-project.md +47 -0
package/commands/gsd/ns-context.md +23 -0
package/commands/gsd/ns-ideate.md +24 -0
package/commands/gsd/ns-manage.md +29 -0
package/commands/gsd/ns-project.md +22 -0
package/commands/gsd/ns-review.md +26 -0
package/commands/gsd/ns-workflow.md +28 -0
package/commands/gsd/pause-work.md +43 -0
package/commands/gsd/phase.md +56 -0
package/commands/gsd/plan-phase.md +62 -0
package/commands/gsd/plan-review-convergence.md +59 -0
package/commands/gsd/pr-branch.md +26 -0
package/commands/gsd/profile-user.md +46 -0
package/commands/gsd/progress.md +47 -0
package/commands/gsd/quick.md +174 -0
package/commands/gsd/resume-work.md +30 -0
package/commands/gsd/review-backlog.md +63 -0
package/commands/gsd/review.md +41 -0
package/commands/gsd/secure-phase.md +36 -0
package/commands/gsd/settings.md +29 -0
package/commands/gsd/ship.md +24 -0
package/commands/gsd/sketch.md +60 -0
package/commands/gsd/spec-phase.md +63 -0
package/commands/gsd/spike.md +57 -0
package/commands/gsd/stats.md +19 -0
package/commands/gsd/surface.md +155 -0
package/commands/gsd/thread.md +24 -0
package/commands/gsd/ui-phase.md +35 -0
package/commands/gsd/ui-review.md +33 -0
package/commands/gsd/ultraplan-phase.md +34 -0
package/commands/gsd/undo.md +35 -0
package/commands/gsd/update.md +48 -0
package/commands/gsd/validate-phase.md +36 -0
package/commands/gsd/verify-work.md +39 -0
package/commands/gsd/workspace.md +52 -0
package/commands/gsd/workstreams.md +70 -0
package/get-shit-done/bin/check-latest-version.cjs +106 -0
package/get-shit-done/bin/gsd-tools.cjs +1676 -0
package/get-shit-done/bin/lib/active-workstream-store.cjs +302 -0
package/get-shit-done/bin/lib/adr-parser.cjs +394 -0
package/get-shit-done/bin/lib/agent-command-router.cjs +65 -0
package/get-shit-done/bin/lib/artifacts.cjs +53 -0
package/get-shit-done/bin/lib/audit.cjs +755 -0
package/get-shit-done/bin/lib/check-command-router.cjs +333 -0
package/get-shit-done/bin/lib/cjs-command-router-adapter.cjs +118 -0
package/get-shit-done/bin/lib/clock.cjs +96 -0
package/get-shit-done/bin/lib/clusters.cjs +135 -0
package/get-shit-done/bin/lib/code-review-flags.cjs +74 -0
package/get-shit-done/bin/lib/command-aliases.cjs +815 -0
package/get-shit-done/bin/lib/command-arg-projection.cjs +62 -0
package/get-shit-done/bin/lib/command-routing-hub.cjs +388 -0
package/get-shit-done/bin/lib/commands.cjs +1188 -0
package/get-shit-done/bin/lib/config-schema.cjs +31 -0
package/get-shit-done/bin/lib/config.cjs +728 -0
package/get-shit-done/bin/lib/configuration.cjs +248 -0
package/get-shit-done/bin/lib/context-utilization.cjs +47 -0
package/get-shit-done/bin/lib/core.cjs +2121 -0
package/get-shit-done/bin/lib/decisions.cjs +116 -0
package/get-shit-done/bin/lib/docs.cjs +270 -0
package/get-shit-done/bin/lib/drift.cjs +388 -0
package/get-shit-done/bin/lib/fallow-runner.cjs +109 -0
package/get-shit-done/bin/lib/frontmatter.cjs +389 -0
package/get-shit-done/bin/lib/gap-checker.cjs +205 -0
package/get-shit-done/bin/lib/graphify.cjs +592 -0
package/get-shit-done/bin/lib/gsd2-import.cjs +514 -0
package/get-shit-done/bin/lib/init-command-router.cjs +58 -0
package/get-shit-done/bin/lib/init.cjs +2112 -0
package/get-shit-done/bin/lib/install-profiles.cjs +603 -0
package/get-shit-done/bin/lib/installer-migration-authoring.cjs +117 -0
package/get-shit-done/bin/lib/installer-migration-report.cjs +354 -0
package/get-shit-done/bin/lib/installer-migrations/000-first-time-baseline.cjs +220 -0
package/get-shit-done/bin/lib/installer-migrations/001-legacy-orphan-files.cjs +41 -0
package/get-shit-done/bin/lib/installer-migrations/002-codex-legacy-hooks-json.cjs +80 -0
package/get-shit-done/bin/lib/installer-migrations.cjs +778 -0
package/get-shit-done/bin/lib/intel.cjs +708 -0
package/get-shit-done/bin/lib/learnings.cjs +421 -0
package/get-shit-done/bin/lib/milestone.cjs +314 -0
package/get-shit-done/bin/lib/model-catalog.cjs +212 -0
package/get-shit-done/bin/lib/model-profiles.cjs +31 -0
package/get-shit-done/bin/lib/observability/event.cjs +82 -0
package/get-shit-done/bin/lib/observability/logger.cjs +174 -0
package/get-shit-done/bin/lib/observability/redaction.cjs +50 -0
package/get-shit-done/bin/lib/package-identity.cjs +31 -0
package/get-shit-done/bin/lib/phase-command-router.cjs +191 -0
package/get-shit-done/bin/lib/phase-lifecycle.cjs +80 -0
package/get-shit-done/bin/lib/phase.cjs +1607 -0
package/get-shit-done/bin/lib/phases-command-router.cjs +39 -0
package/get-shit-done/bin/lib/plan-scan.cjs +97 -0
package/get-shit-done/bin/lib/planning-workspace.cjs +238 -0
package/get-shit-done/bin/lib/profile-output.cjs +1141 -0
package/get-shit-done/bin/lib/profile-pipeline.cjs +539 -0
package/get-shit-done/bin/lib/project-root.cjs +112 -0
package/get-shit-done/bin/lib/prompt-budget.cjs +399 -0
package/get-shit-done/bin/lib/review-reviewer-selection.cjs +125 -0
package/get-shit-done/bin/lib/roadmap-command-router.cjs +28 -0
package/get-shit-done/bin/lib/roadmap.cjs +650 -0
package/get-shit-done/bin/lib/runtime-artifact-layout.cjs +301 -0
package/get-shit-done/bin/lib/runtime-homes.cjs +222 -0
package/get-shit-done/bin/lib/runtime-name-policy.cjs +83 -0
package/get-shit-done/bin/lib/runtime-slash.cjs +112 -0
package/get-shit-done/bin/lib/schema-detect.cjs +165 -0
package/get-shit-done/bin/lib/secrets.cjs +32 -0
package/get-shit-done/bin/lib/security.cjs +600 -0
package/get-shit-done/bin/lib/semver-compare.cjs +35 -0
package/get-shit-done/bin/lib/shell-command-projection.cjs +500 -0
package/get-shit-done/bin/lib/state-command-router.cjs +252 -0
package/get-shit-done/bin/lib/state-document.cjs +263 -0
package/get-shit-done/bin/lib/state.cjs +2038 -0
package/get-shit-done/bin/lib/surface.cjs +470 -0
package/get-shit-done/bin/lib/task-command-router.cjs +81 -0
package/get-shit-done/bin/lib/template.cjs +228 -0
package/get-shit-done/bin/lib/uat.cjs +289 -0
package/get-shit-done/bin/lib/update-context.cjs +209 -0
package/get-shit-done/bin/lib/validate-command-router.cjs +83 -0
package/get-shit-done/bin/lib/validate.cjs +92 -0
package/get-shit-done/bin/lib/verify-command-router.cjs +40 -0
package/get-shit-done/bin/lib/verify.cjs +1511 -0
package/get-shit-done/bin/lib/workstream-inventory-builder.cjs +74 -0
package/get-shit-done/bin/lib/workstream-inventory.cjs +146 -0
package/get-shit-done/bin/lib/workstream-name-policy.cjs +94 -0
package/get-shit-done/bin/lib/workstream.cjs +389 -0
package/get-shit-done/bin/lib/worktree-safety.cjs +985 -0
package/get-shit-done/bin/shared/config-defaults.manifest.json +97 -0
package/get-shit-done/bin/shared/config-schema.manifest.json +175 -0
package/get-shit-done/bin/shared/model-catalog.json +122 -0
package/get-shit-done/bin/shared/runtime-aliases.manifest.json +75 -0
package/get-shit-done/bin/verify-reapply-patches.cjs +352 -0
package/get-shit-done/contexts/dev.md +21 -0
package/get-shit-done/contexts/research.md +22 -0
package/get-shit-done/contexts/review.md +23 -0
package/get-shit-done/references/agent-contracts.md +79 -0
package/get-shit-done/references/ai-evals.md +156 -0
package/get-shit-done/references/ai-frameworks.md +186 -0
package/get-shit-done/references/artifact-types.md +131 -0
package/get-shit-done/references/autonomous-smart-discuss.md +277 -0
package/get-shit-done/references/checkpoints.md +814 -0
package/get-shit-done/references/common-bug-patterns.md +114 -0
package/get-shit-done/references/context-budget.md +85 -0
package/get-shit-done/references/continuation-format.md +253 -0
package/get-shit-done/references/debugger-philosophy.md +76 -0
package/get-shit-done/references/decimal-phase-calculation.md +64 -0
package/get-shit-done/references/doc-conflict-engine.md +91 -0
package/get-shit-done/references/domain-probes.md +125 -0
package/get-shit-done/references/execute-mvp-tdd.md +81 -0
package/get-shit-done/references/executor-examples.md +110 -0
package/get-shit-done/references/few-shot-examples/plan-checker.md +73 -0
package/get-shit-done/references/few-shot-examples/verifier.md +109 -0
package/get-shit-done/references/gate-prompts.md +100 -0
package/get-shit-done/references/gates.md +70 -0
package/get-shit-done/references/git-integration.md +298 -0
package/get-shit-done/references/git-planning-commit.md +40 -0
package/get-shit-done/references/ios-scaffold.md +123 -0
package/get-shit-done/references/mandatory-initial-read.md +2 -0
package/get-shit-done/references/model-profile-resolution.md +38 -0
package/get-shit-done/references/model-profiles.md +245 -0
package/get-shit-done/references/mvp-concepts.md +49 -0
package/get-shit-done/references/phase-argument-parsing.md +61 -0
package/get-shit-done/references/planner-antipatterns.md +89 -0
package/get-shit-done/references/planner-chunked.md +49 -0
package/get-shit-done/references/planner-gap-closure.md +62 -0
package/get-shit-done/references/planner-graphify-auto-update.md +67 -0
package/get-shit-done/references/planner-human-verify-mode.md +57 -0
package/get-shit-done/references/planner-interface-context.md +62 -0
package/get-shit-done/references/planner-mvp-mode.md +53 -0
package/get-shit-done/references/planner-reviews.md +39 -0
package/get-shit-done/references/planner-revision.md +87 -0
package/get-shit-done/references/planner-source-audit.md +73 -0
package/get-shit-done/references/planning-config.md +471 -0
package/get-shit-done/references/project-skills-discovery.md +19 -0
package/get-shit-done/references/questioning.md +162 -0
package/get-shit-done/references/revision-loop.md +97 -0
package/get-shit-done/references/scout-codebase.md +51 -0
package/get-shit-done/references/skeleton-template.md +48 -0
package/get-shit-done/references/sketch-interactivity.md +41 -0
package/get-shit-done/references/sketch-theme-system.md +94 -0
package/get-shit-done/references/sketch-tooling.md +45 -0
package/get-shit-done/references/sketch-variant-patterns.md +81 -0
package/get-shit-done/references/spidr-splitting.md +69 -0
package/get-shit-done/references/tdd.md +330 -0
package/get-shit-done/references/thinking-models-debug.md +44 -0
package/get-shit-done/references/thinking-models-execution.md +50 -0
package/get-shit-done/references/thinking-models-planning.md +62 -0
package/get-shit-done/references/thinking-models-research.md +50 -0
package/get-shit-done/references/thinking-models-verification.md +55 -0
package/get-shit-done/references/thinking-partner.md +96 -0
package/get-shit-done/references/ui-brand.md +160 -0
package/get-shit-done/references/universal-anti-patterns.md +63 -0
package/get-shit-done/references/user-profiling.md +681 -0
package/get-shit-done/references/user-story-template.md +58 -0
package/get-shit-done/references/verification-overrides.md +227 -0
package/get-shit-done/references/verification-patterns.md +612 -0
package/get-shit-done/references/verify-mvp-mode.md +85 -0
package/get-shit-done/references/workstream-flag.md +111 -0
package/get-shit-done/references/worktree-path-safety.md +89 -0
package/get-shit-done/templates/AI-SPEC.md +246 -0
package/get-shit-done/templates/DEBUG.md +169 -0
package/get-shit-done/templates/README.md +77 -0
package/get-shit-done/templates/SECURITY.md +61 -0
package/get-shit-done/templates/UAT.md +265 -0
package/get-shit-done/templates/UI-SPEC.md +100 -0
package/get-shit-done/templates/VALIDATION.md +76 -0
package/get-shit-done/templates/claude-md.md +145 -0
package/get-shit-done/templates/codebase/architecture.md +255 -0
package/get-shit-done/templates/codebase/concerns.md +310 -0
package/get-shit-done/templates/codebase/conventions.md +307 -0
package/get-shit-done/templates/codebase/integrations.md +280 -0
package/get-shit-done/templates/codebase/stack.md +186 -0
package/get-shit-done/templates/codebase/structure.md +285 -0
package/get-shit-done/templates/codebase/testing.md +480 -0
package/get-shit-done/templates/config.json +62 -0
package/get-shit-done/templates/context.md +352 -0
package/get-shit-done/templates/continue-here.md +78 -0
package/get-shit-done/templates/copilot-instructions.md +7 -0
package/get-shit-done/templates/debug-subagent-prompt.md +91 -0
package/get-shit-done/templates/dev-preferences.md +21 -0
package/get-shit-done/templates/discovery.md +146 -0
package/get-shit-done/templates/discussion-log.md +63 -0
package/get-shit-done/templates/milestone-archive.md +123 -0
package/get-shit-done/templates/milestone.md +115 -0
package/get-shit-done/templates/phase-prompt.md +610 -0
package/get-shit-done/templates/planner-subagent-prompt.md +117 -0
package/get-shit-done/templates/project.md +186 -0
package/get-shit-done/templates/requirements.md +231 -0
package/get-shit-done/templates/research-project/ARCHITECTURE.md +204 -0
package/get-shit-done/templates/research-project/FEATURES.md +147 -0
package/get-shit-done/templates/research-project/PITFALLS.md +200 -0
package/get-shit-done/templates/research-project/STACK.md +120 -0
package/get-shit-done/templates/research-project/SUMMARY.md +170 -0
package/get-shit-done/templates/research.md +592 -0
package/get-shit-done/templates/retrospective.md +54 -0
package/get-shit-done/templates/roadmap.md +202 -0
package/get-shit-done/templates/spec.md +307 -0
package/get-shit-done/templates/state.md +195 -0
package/get-shit-done/templates/summary-complex.md +59 -0
package/get-shit-done/templates/summary-minimal.md +41 -0
package/get-shit-done/templates/summary-standard.md +48 -0
package/get-shit-done/templates/summary.md +248 -0
package/get-shit-done/templates/user-profile.md +146 -0
package/get-shit-done/templates/user-setup.md +311 -0
package/get-shit-done/templates/verification-report.md +322 -0
package/get-shit-done/workflows/_runtime-launcher.snippet.sh +1 -0
package/get-shit-done/workflows/add-backlog.md +91 -0
package/get-shit-done/workflows/add-phase.md +113 -0
package/get-shit-done/workflows/add-tests.md +355 -0
package/get-shit-done/workflows/add-todo.md +161 -0
package/get-shit-done/workflows/ai-integration-phase.md +295 -0
package/get-shit-done/workflows/analyze-dependencies.md +96 -0
package/get-shit-done/workflows/audit-fix.md +178 -0
package/get-shit-done/workflows/audit-milestone.md +358 -0
package/get-shit-done/workflows/audit-uat.md +110 -0
package/get-shit-done/workflows/autonomous.md +795 -0
package/get-shit-done/workflows/check-todos.md +180 -0
package/get-shit-done/workflows/cleanup.md +155 -0
package/get-shit-done/workflows/code-review-fix.md +502 -0
package/get-shit-done/workflows/code-review.md +656 -0
package/get-shit-done/workflows/complete-milestone.md +855 -0
package/get-shit-done/workflows/debug.md +232 -0
package/get-shit-done/workflows/diagnose-issues.md +241 -0
package/get-shit-done/workflows/discovery-phase.md +291 -0
package/get-shit-done/workflows/discuss-phase/modes/advisor.md +176 -0
package/get-shit-done/workflows/discuss-phase/modes/all.md +28 -0
package/get-shit-done/workflows/discuss-phase/modes/analyze.md +44 -0
package/get-shit-done/workflows/discuss-phase/modes/auto.md +57 -0
package/get-shit-done/workflows/discuss-phase/modes/batch.md +52 -0
package/get-shit-done/workflows/discuss-phase/modes/chain.md +98 -0
package/get-shit-done/workflows/discuss-phase/modes/default.md +141 -0
package/get-shit-done/workflows/discuss-phase/modes/power.md +44 -0
package/get-shit-done/workflows/discuss-phase/modes/text.md +55 -0
package/get-shit-done/workflows/discuss-phase/templates/checkpoint.json +18 -0
package/get-shit-done/workflows/discuss-phase/templates/context.md +136 -0
package/get-shit-done/workflows/discuss-phase/templates/discussion-log.md +50 -0
package/get-shit-done/workflows/discuss-phase-assumptions.md +675 -0
package/get-shit-done/workflows/discuss-phase-power.md +291 -0
package/get-shit-done/workflows/discuss-phase.md +499 -0
package/get-shit-done/workflows/do.md +111 -0
package/get-shit-done/workflows/docs-update.md +1162 -0
package/get-shit-done/workflows/edit-phase.md +295 -0
package/get-shit-done/workflows/eval-review.md +156 -0
package/get-shit-done/workflows/execute-phase/steps/codebase-drift-gate.md +82 -0
package/get-shit-done/workflows/execute-phase/steps/per-plan-worktree-gate.md +94 -0
package/get-shit-done/workflows/execute-phase/steps/post-merge-gate.md +117 -0
package/get-shit-done/workflows/execute-phase.md +1709 -0
package/get-shit-done/workflows/execute-plan.md +526 -0
package/get-shit-done/workflows/explore.md +144 -0
package/get-shit-done/workflows/extract-learnings.md +243 -0
package/get-shit-done/workflows/fast.md +124 -0
package/get-shit-done/workflows/forensics.md +279 -0
package/get-shit-done/workflows/graduation.md +196 -0
package/get-shit-done/workflows/health.md +224 -0
package/get-shit-done/workflows/help/modes/brief.md +22 -0
package/get-shit-done/workflows/help/modes/default.md +50 -0
package/get-shit-done/workflows/help/modes/full.md +784 -0
package/get-shit-done/workflows/help/modes/topic.md +74 -0
package/get-shit-done/workflows/help.md +24 -0
package/get-shit-done/workflows/import.md +254 -0
package/get-shit-done/workflows/inbox.md +387 -0
package/get-shit-done/workflows/ingest-docs.md +339 -0
package/get-shit-done/workflows/insert-phase.md +152 -0
package/get-shit-done/workflows/list-phase-assumptions.md +178 -0
package/get-shit-done/workflows/list-workspaces.md +57 -0
package/get-shit-done/workflows/manager.md +393 -0
package/get-shit-done/workflows/map-codebase.md +444 -0
package/get-shit-done/workflows/milestone-summary.md +224 -0
package/get-shit-done/workflows/mvp-phase.md +222 -0
package/get-shit-done/workflows/new-milestone.md +635 -0
package/get-shit-done/workflows/new-project.md +1555 -0
package/get-shit-done/workflows/new-workspace.md +240 -0
package/get-shit-done/workflows/next.md +299 -0
package/get-shit-done/workflows/node-repair.md +92 -0
package/get-shit-done/workflows/note.md +158 -0
package/get-shit-done/workflows/pause-work.md +244 -0
package/get-shit-done/workflows/plan-milestone-gaps.md +281 -0
package/get-shit-done/workflows/plan-phase.md +1809 -0
package/get-shit-done/workflows/plan-review-convergence.md +346 -0
package/get-shit-done/workflows/plant-seed.md +230 -0
package/get-shit-done/workflows/pr-branch.md +157 -0
package/get-shit-done/workflows/profile-user.md +453 -0
package/get-shit-done/workflows/progress.md +699 -0
package/get-shit-done/workflows/quick.md +1039 -0
package/get-shit-done/workflows/reapply-patches.md +426 -0
package/get-shit-done/workflows/remove-phase.md +156 -0
package/get-shit-done/workflows/remove-workspace.md +108 -0
package/get-shit-done/workflows/resume-project.md +332 -0
package/get-shit-done/workflows/review.md +623 -0
package/get-shit-done/workflows/scan.md +105 -0
package/get-shit-done/workflows/secure-phase.md +180 -0
package/get-shit-done/workflows/session-report.md +146 -0
package/get-shit-done/workflows/settings-advanced.md +620 -0
package/get-shit-done/workflows/settings-integrations.md +312 -0
package/get-shit-done/workflows/settings.md +552 -0
package/get-shit-done/workflows/ship.md +356 -0
package/get-shit-done/workflows/sketch-wrap-up.md +286 -0
package/get-shit-done/workflows/sketch.md +361 -0
package/get-shit-done/workflows/spec-phase.md +262 -0
package/get-shit-done/workflows/spike-wrap-up.md +307 -0
package/get-shit-done/workflows/spike.md +453 -0
package/get-shit-done/workflows/stats.md +80 -0
package/get-shit-done/workflows/sync-skills.md +182 -0
package/get-shit-done/workflows/thread.md +222 -0
package/get-shit-done/workflows/transition.md +694 -0
package/get-shit-done/workflows/ui-phase.md +328 -0
package/get-shit-done/workflows/ui-review.md +193 -0
package/get-shit-done/workflows/ultraplan-phase.md +199 -0
package/get-shit-done/workflows/undo.md +314 -0
package/get-shit-done/workflows/update.md +443 -0
package/get-shit-done/workflows/validate-phase.md +179 -0
package/get-shit-done/workflows/verify-phase.md +544 -0
package/get-shit-done/workflows/verify-work.md +781 -0
package/hooks/dist/gsd-check-update-worker.js +95 -0
package/hooks/dist/gsd-check-update.js +64 -0
package/hooks/dist/gsd-context-monitor.js +195 -0
package/hooks/dist/gsd-graphify-update.sh +158 -0
package/hooks/dist/gsd-phase-boundary.sh +47 -0
package/hooks/dist/gsd-prompt-guard.js +97 -0
package/hooks/dist/gsd-read-guard.js +101 -0
package/hooks/dist/gsd-read-injection-scanner.js +203 -0
package/hooks/dist/gsd-session-state.sh +59 -0
package/hooks/dist/gsd-statusline.js +548 -0
package/hooks/dist/gsd-update-banner.js +134 -0
package/hooks/dist/gsd-validate-commit.sh +57 -0
package/hooks/dist/gsd-workflow-guard.js +166 -0
package/hooks/dist/lib/git-cmd.js +150 -0
package/hooks/dist/lib/gsd-graphify-rebuild.sh +65 -0
package/hooks/gsd-check-update-worker.js +95 -0
package/hooks/gsd-check-update.js +64 -0
package/hooks/gsd-context-monitor.js +195 -0
package/hooks/gsd-graphify-update.sh +158 -0
package/hooks/gsd-phase-boundary.sh +47 -0
package/hooks/gsd-prompt-guard.js +97 -0
package/hooks/gsd-read-guard.js +101 -0
package/hooks/gsd-read-injection-scanner.js +203 -0
package/hooks/gsd-session-state.sh +59 -0
package/hooks/gsd-statusline.js +548 -0
package/hooks/gsd-update-banner.js +134 -0
package/hooks/gsd-validate-commit.sh +57 -0
package/hooks/gsd-workflow-guard.js +166 -0
package/hooks/lib/git-cmd.js +150 -0
package/hooks/lib/gsd-graphify-rebuild.sh +65 -0
package/hooks/managed-hooks-registry.cjs +34 -0
package/package.json +102 -0
package/scripts/affected-tests-lib.cjs +541 -0
package/scripts/audit-workflow-script-paths.cjs +73 -0
package/scripts/base64-scan.sh +339 -0
package/scripts/build-hooks.js +236 -0
package/scripts/changeset/README.md +129 -0
package/scripts/changeset/cli.cjs +392 -0
package/scripts/changeset/github-release-notes.cjs +199 -0
package/scripts/changeset/lint.cjs +110 -0
package/scripts/changeset/new.cjs +137 -0
package/scripts/changeset/parse.cjs +114 -0
package/scripts/changeset/render.cjs +34 -0
package/scripts/changeset/serialize.cjs +130 -0
package/scripts/check-alias-drift.cjs +108 -0
package/scripts/check-env.cjs +302 -0
package/scripts/check-npm-integrity.cjs +209 -0
package/scripts/ci-guard-runner.cjs +16 -0
package/scripts/ci-prepare-test-scope.cjs +46 -0
package/scripts/ci-rebase-check.cjs +85 -0
package/scripts/ci-test-scope.cjs +302 -0
package/scripts/command-contract-helpers.cjs +64 -0
package/scripts/diff-touches-shipped-paths.cjs +147 -0
package/scripts/fix-slash-commands.cjs +147 -0
package/scripts/gen-inventory-manifest.cjs +109 -0
package/scripts/generate-package-identity.cjs +104 -0
package/scripts/lint-command-contract.cjs +108 -0
package/scripts/lint-descriptions.cjs +83 -0
package/scripts/lint-docs-required.cjs +222 -0
package/scripts/lint-no-source-grep-extras.cjs +81 -0
package/scripts/lint-no-source-grep.cjs +174 -0
package/scripts/lint-package-identity-drift.cjs +141 -0
package/scripts/lint-pr-check-project-dir.cjs +98 -0
package/scripts/lint-shared-module-handsync.cjs +388 -0
package/scripts/lint-shell-command-projection-drift.cjs +57 -0
package/scripts/lint-skill-deps.cjs +180 -0
package/scripts/lint-test-file-count.allowlist.json +36 -0
package/scripts/lint-test-file-count.cjs +190 -0
package/scripts/pr-template-policy.cjs +268 -0
package/scripts/prompt-injection-scan.sh +203 -0
package/scripts/release-tarball-smoke.cjs +627 -0
package/scripts/run-affected-tests.cjs +6 -0
package/scripts/run-cross-platform-tests.cjs +63 -0
package/scripts/run-tests.cjs +282 -0
package/scripts/secret-scan-lint.sh +231 -0
package/scripts/secret-scan.sh +358 -0
package/scripts/setup-branch-protection.sh +236 -0
package/scripts/shared-module-handsync-allowlist.json +183 -0
package/scripts/strip-prose-atrefs.cjs +106 -0
package/scripts/sync-rulesets.sh +34 -0
package/scripts/sync-runtime-launcher.cjs +402 -0
package/scripts/test-failure-reasons.cjs +34 -0
package/scripts/workflow-policy.cjs +450 -0

package/scripts/run-tests.cjs ADDED Viewed

@@ -0,0 +1,282 @@
+#!/usr/bin/env node
+// Cross-platform test runner — resolves test file globs via Node
+// instead of relying on shell expansion (which fails on Windows PowerShell/cmd).
+// Propagates NODE_V8_COVERAGE so c8 collects coverage from the child process.
+//
+// Suite filtering (issue #3597):
+//   node scripts/run-tests.cjs                 # default — runs ALL tests (backcompat)
+//   node scripts/run-tests.cjs --suite all     # explicit "everything"
+//   node scripts/run-tests.cjs --suite unit    # only files with no other suite marker
+//   node scripts/run-tests.cjs --suite security    # *.security.test.cjs
+//   node scripts/run-tests.cjs --suite integration # *.integration.test.cjs
+//   node scripts/run-tests.cjs --suite install     # *.install.test.cjs
+//   node scripts/run-tests.cjs --suite slow        # *.slow.test.cjs
+//   node scripts/run-tests.cjs --files "a.test.cjs b.test.cjs"
+//   node scripts/run-tests.cjs --files-from /tmp/selected-tests.txt
+//
+// Suite grouping convention: filename suffix marker before `.test.cjs`.
+// A file named `foo.security.test.cjs` belongs to the `security` suite.
+// A file named `foo.test.cjs` (no marker) belongs to the `unit` suite.
+// See docs/TESTING-SUITES.md for full grouping policy.
+'use strict';
+const { readdirSync } = require('fs');
+const { join } = require('path');
+const { execFileSync } = require('child_process');
+const SUITES = ['all', 'unit', 'integration', 'install', 'security', 'slow'];
+const MARKED_SUITES = ['integration', 'install', 'security', 'slow'];
+function parseArgs(argv) {
+  let suite = null;
+  let seen = false;
+  let files = null;
+  let filesFrom = null;
+  for (let i = 0; i < argv.length; i++) {
+    const a = argv[i];
+    if (a === '--suite') {
+      if (seen) {
+        return { error: 'duplicate --suite flag' };
+      }
+      seen = true;
+      const v = argv[i + 1];
+      if (!v || v.startsWith('--')) {
+        return { error: '--suite requires a value' };
+      }
+      suite = v;
+      i++;
+    } else if (a.startsWith('--suite=')) {
+      if (seen) {
+        return { error: 'duplicate --suite flag' };
+      }
+      seen = true;
+      suite = a.slice('--suite='.length);
+      if (!suite) {
+        return { error: '--suite requires a value' };
+      }
+    } else if (a === '--files') {
+      if (files !== null) {
+        return { error: 'duplicate --files flag' };
+      }
+      const v = argv[i + 1];
+      if (!v || v.startsWith('--')) {
+        return { error: '--files requires a value' };
+      }
+      files = v;
+      i++;
+    } else if (a.startsWith('--files=')) {
+      if (files !== null) {
+        return { error: 'duplicate --files flag' };
+      }
+      files = a.slice('--files='.length);
+      if (!files) {
+        return { error: '--files requires a value' };
+      }
+    } else if (a === '--files-from') {
+      if (filesFrom !== null) {
+        return { error: 'duplicate --files-from flag' };
+      }
+      const v = argv[i + 1];
+      if (!v || v.startsWith('--')) {
+        return { error: '--files-from requires a value' };
+      }
+      filesFrom = v;
+      i++;
+    } else if (a.startsWith('--files-from=')) {
+      if (filesFrom !== null) {
+        return { error: 'duplicate --files-from flag' };
+      }
+      filesFrom = a.slice('--files-from='.length);
+      if (!filesFrom) {
+        return { error: '--files-from requires a value' };
+      }
+    } else {
+      return { error: `unknown argument: ${a}` };
+    }
+  }
+  if (files !== null && filesFrom !== null) {
+    return { error: '--files and --files-from cannot be combined' };
+  }
+  return { suite, files, filesFrom };
+}
+// Return the marked suite name embedded in a filename, or null if it's unmarked.
+// foo.security.test.cjs -> "security"
+// foo.test.cjs          -> null (unit)
+function suiteOf(filename) {
+  if (!filename.endsWith('.test.cjs')) return null;
+  const base = filename.slice(0, -'.test.cjs'.length);
+  const lastDot = base.lastIndexOf('.');
+  if (lastDot === -1) return null;
+  const marker = base.slice(lastDot + 1);
+  return MARKED_SUITES.includes(marker) ? marker : null;
+}
+function selectFiles(allFiles, suite) {
+  if (suite === null || suite === 'all') {
+    return allFiles;
+  }
+  if (suite === 'unit') {
+    return allFiles.filter(f => suiteOf(f) === null);
+  }
+  return allFiles.filter(f => suiteOf(f) === suite);
+}
+function splitFileList(value) {
+  if (!value) return [];
+  return value
+    .split(/[,\s]+/)
+    .map(v => v.trim())
+    .filter(Boolean)
+    .map(v => v.replace(/^tests[\\/]/, ''));
+}
+function selectExplicitFiles(allFiles, filesValue, filesFrom) {
+  const fs = require('fs');
+  const requested = filesFrom
+    ? splitFileList(fs.readFileSync(filesFrom, 'utf8'))
+    : splitFileList(filesValue);
+  const available = new Set(allFiles);
+  const selected = [];
+  const missing = [];
+  for (const file of requested) {
+    if (available.has(file)) {
+      selected.push(file);
+    } else {
+      missing.push(file);
+    }
+  }
+  if (missing.length > 0) {
+    return {
+      error: `requested test file(s) not found: ${missing.join(', ')}`,
+    };
+  }
+  return { files: [...new Set(selected)] };
+}
+function main() {
+  const args = process.argv.slice(2);
+  const parsed = parseArgs(args);
+  if (parsed.error) {
+    console.error(`run-tests: ${parsed.error}`);
+    console.error(`Valid suites: ${SUITES.join(', ')}`);
+    process.exit(2);
+  }
+  const suite = parsed.suite;
+  if (suite !== null && !SUITES.includes(suite)) {
+    console.error(`run-tests: unknown suite "${suite}"`);
+    console.error(`Valid suites: ${SUITES.join(', ')}`);
+    process.exit(2);
+  }
+  const testDir = process.env.GSD_TEST_DIR
+    ? process.env.GSD_TEST_DIR
+    : join(__dirname, '..', 'tests');
+  const allFiles = readdirSync(testDir)
+    .filter(f => f.endsWith('.test.cjs'))
+    .sort();
+  if (allFiles.length === 0) {
+    console.error(`No test files found in ${testDir}`);
+    process.exit(1);
+  }
+  let selectedNames;
+  if (parsed.files !== null || parsed.filesFrom !== null) {
+    const explicit = selectExplicitFiles(allFiles, parsed.files, parsed.filesFrom);
+    if (explicit.error) {
+      console.error(`run-tests: ${explicit.error}`);
+      process.exit(2);
+    }
+    selectedNames = explicit.files;
+  } else {
+    selectedNames = selectFiles(allFiles, suite);
+  }
+  const selected = selectedNames.map(f => join(testDir, f));
+  if (selected.length === 0) {
+    // Empty suite: report and exit 0 so empty lanes (e.g. `security` before
+    // adversarial tests land) don't gate CI. CI consumers wanting strictness
+    // can grep stderr for "no tests in suite".
+    console.error(`run-tests: no tests in suite "${suite || 'all'}"`);
+    process.exit(0);
+  }
+  // Log selected files to stderr for CI / harness-test visibility.
+  // node:test default reporter doesn't echo filenames, so this gives
+  // operators a single stable line they can grep.
+  console.error(
+    `run-tests: suite="${suite || 'all'}" files=${selected.length}: ${selected
+      .map(f => f.split(/[\\/]/).pop())
+      .join(' ')}`,
+  );
+  // Default concurrency: 4 on Linux/macOS, 2 on Windows.
+  //
+  // Windows has significantly higher per-subprocess overhead than Linux/macOS:
+  //   - Windows Defender scans each spawned process
+  //   - NTFS has higher file-system latency under concurrent access
+  //   - synckit worker_threads (used by the SDK bridge in gsd-tools.cjs) spawn
+  //     native threads that contend on SharedArrayBuffer + Atomics.wait; under
+  //     Node 24 on Windows, 4-way concurrent gsd-tools invocations (each spawning
+  //     a synckit worker) caused intermittent process crashes with empty stderr —
+  //     a signature of OS-level resource exhaustion killing worker threads before
+  //     they could flush. Reducing to 2 halves the peak concurrent worker count.
+  //
+  // Operator override via TEST_CONCURRENCY env var for local debugging.
+  const defaultConcurrency = process.platform === 'win32' ? 2 : 4;
+  const concurrency = process.env.TEST_CONCURRENCY
+    ? `--test-concurrency=${process.env.TEST_CONCURRENCY}`
+    : `--test-concurrency=${defaultConcurrency}`;
+  // Windows `CreateProcess` caps the full command line at 32,767 chars
+  // (lpCommandLine). With 500+ test paths the spawn fails instantly with no
+  // test output. Linux/macOS allow ~2 MB (ARG_MAX) so unchunked spawns are
+  // fine there. Split into chunks sized for the tightest target so behavior
+  // is identical across platforms. (#3597)
+  // Operator override (also used by tests to force chunking with short paths).
+  const MAX_CMDLINE_CHARS = process.env.RUN_TESTS_MAX_CMDLINE_CHARS
+    ? Number(process.env.RUN_TESTS_MAX_CMDLINE_CHARS)
+    : 28000; // headroom below the 32,767 Windows ceiling
+  const FIXED_OVERHEAD = process.execPath.length + '--test'.length + concurrency.length + 8;
+  const chunks = [];
+  let current = [];
+  let currentLen = FIXED_OVERHEAD;
+  for (const file of selected) {
+    const add = file.length + 1; // +1 for the inter-arg separator
+    if (current.length > 0 && currentLen + add > MAX_CMDLINE_CHARS) {
+      chunks.push(current);
+      current = [];
+      currentLen = FIXED_OVERHEAD;
+    }
+    current.push(file);
+    currentLen += add;
+  }
+  if (current.length > 0) chunks.push(current);
+  let firstFailureExit = 0;
+  for (let i = 0; i < chunks.length; i++) {
+    if (chunks.length > 1) {
+      console.error(`run-tests: chunk ${i + 1}/${chunks.length} — ${chunks[i].length} files`);
+    }
+    try {
+      execFileSync(process.execPath, ['--test', concurrency, ...chunks[i]], {
+        stdio: 'inherit',
+        env: { ...process.env },
+      });
+    } catch (err) {
+      const code = err.status || 1;
+      // Run every chunk so the operator sees all failures in one pass; report
+      // the first non-zero exit at the end.
+      if (firstFailureExit === 0) firstFailureExit = code;
+    }
+  }
+  if (firstFailureExit !== 0) process.exit(firstFailureExit);
+}
+if (require.main === module) {
+  main();
+}
+module.exports = { suiteOf };

package/scripts/secret-scan-lint.sh ADDED Viewed

@@ -0,0 +1,231 @@
+#!/usr/bin/env bash
+# secret-scan-lint.sh — Lint governance policy for .secretscanignore exclusions
+#
+# Usage:
+#   scripts/secret-scan-lint.sh --file <path-to-.secretscanignore>
+#   scripts/secret-scan-lint.sh --file <path-to-.secretscanignore> --strict
+#
+# Exit codes:
+#   0 = every exclusion has full annotation OR is grandfathered (with deprecation warning)
+#   1 = annotation violation: missing required key, expired date, or unguarded wildcard
+#       without rule-id; OR (under --strict) any grandfathered entry is present
+#   2 = usage/config error (file not found, invalid arguments)
+#
+# Annotation syntax (sidecar comment, must immediately precede the path line):
+#   # allow: <pattern>  reason="..."  owner="..."  expires="YYYY-MM-DD"  [rule-id="..."]
+#   <pattern>
+#
+# Required annotation keys: reason, owner, expires
+# Optional annotation key:  rule-id (REQUIRED when pattern contains '*' wildcards)
+#
+# Grandfathered entries: paths with any preceding plain comment (not a structured
+# annotation) are treated as grandfathered in default mode — exit 0 with a
+# deprecation warning to stderr. Under --strict, grandfathered entries cause exit 1.
+#
+# Design references:
+#   - GitGuardian exclusion annotation convention:
+#     https://docs.gitguardian.com/internal-repositories-monitoring/integrations/cli/secrets
+#   - CNCF Security TAG threat-model exception lifecycle:
+#     https://github.com/cncf/tag-security/blob/main/community/working-groups/threat-modeling/templates/threats.md
+#
+# Exit-code alignment with secret-scan.sh:
+#   Both scripts use 0=clean, 1=policy-violation/findings, 2=usage/config-error.
+#   The symmetry is intentional — CI can treat either non-zero as a gate failure.
+set -euo pipefail
+# ─── Argument Parsing ─────────────────────────────────────────────────────────
+STRICT=false
+IGNOREFILE=""
+usage() {
+  echo "Usage: $0 --file <path-to-.secretscanignore> [--strict]" >&2
+  exit 2
+}
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --file)
+      shift
+      [[ $# -eq 0 ]] && usage
+      IGNOREFILE="$1"
+      shift
+      ;;
+    --strict)
+      STRICT=true
+      shift
+      ;;
+    -h|--help)
+      usage
+      ;;
+    *)
+      echo "Error: unknown argument: $1" >&2
+      usage
+      ;;
+  esac
+done
+if [[ -z "$IGNOREFILE" ]]; then
+  usage
+fi
+if [[ ! -f "$IGNOREFILE" ]]; then
+  echo "Error: file not found: $IGNOREFILE" >&2
+  exit 2
+fi
+# ─── Date Helpers ─────────────────────────────────────────────────────────────
+# Returns today's date as YYYY-MM-DD (portable across macOS and Linux)
+today_date() {
+  date +%Y-%m-%d
+}
+# Returns true (0) if date1 < date2 (both YYYY-MM-DD strings)
+date_is_past() {
+  local check_date="$1"
+  local today
+  today=$(today_date)
+  # Lexicographic comparison works for ISO-8601 dates
+  [[ "$check_date" < "$today" ]]
+}
+# ─── Annotation Parser ────────────────────────────────────────────────────────
+# Returns value of a key="value" or key='value' pair from a string.
+# Usage: extract_key <string> <key>
+extract_key() {
+  local str="$1"
+  local key="$2"
+  # Match key="value" or key='value'
+  local val
+  val=$(echo "$str" | grep -oE "${key}=['\"][^'\"]+['\"]" | head -1 | sed "s/${key}=['\"]//;s/['\"]$//") || true
+  echo "$val"
+}
+# Returns true (0) if the string contains a wildcard glob character (* or **)
+contains_wildcard() {
+  local pattern="$1"
+  [[ "$pattern" == *"*"* ]]
+}
+# Returns true (0) if a comment line is a structured annotation
+# (must start with "# allow:" prefix)
+is_structured_annotation() {
+  local comment="$1"
+  [[ "$comment" =~ ^#[[:space:]]+allow:[[:space:]] ]]
+}
+# ─── Main Lint Logic ──────────────────────────────────────────────────────────
+VIOLATIONS=0
+WARNINGS=0
+# We process the file line-by-line, tracking the comment immediately preceding
+# each path entry. If the preceding line was a comment, we inspect it.
+prev_comment=""
+lineno=0
+while IFS= read -r line || [[ -n "$line" ]]; do
+  lineno=$((lineno + 1))
+  # Skip empty lines (reset prev_comment to avoid false association)
+  if [[ -z "${line// }" ]]; then
+    prev_comment=""
+    continue
+  fi
+  # Accumulate comment lines
+  if [[ "$line" =~ ^[[:space:]]*# ]]; then
+    prev_comment="$line"
+    continue
+  fi
+  # This is a path/pattern entry.
+  local_path="$line"
+  # ── Case 1: No preceding comment at all ────────────────────────────────────
+  if [[ -z "$prev_comment" ]]; then
+    echo "VIOLATION (line $lineno): '$local_path' has no annotation comment." >&2
+    echo "  Required: # allow: <pattern>  reason=\"...\"  owner=\"...\"  expires=\"YYYY-MM-DD\"" >&2
+    VIOLATIONS=$((VIOLATIONS + 1))
+    prev_comment=""
+    continue
+  fi
+  # ── Case 2: Preceding comment exists — check if it's a structured annotation ─
+  if is_structured_annotation "$prev_comment"; then
+    # Extract required keys
+    reason=$(extract_key "$prev_comment" "reason")
+    owner=$(extract_key "$prev_comment" "owner")
+    expires=$(extract_key "$prev_comment" "expires")
+    rule_id=$(extract_key "$prev_comment" "rule-id")
+    local_ok=true
+    if [[ -z "$reason" ]]; then
+      echo "VIOLATION (line $lineno): '$local_path' annotation missing required key: reason" >&2
+      local_ok=false
+    fi
+    if [[ -z "$owner" ]]; then
+      echo "VIOLATION (line $lineno): '$local_path' annotation missing required key: owner" >&2
+      local_ok=false
+    fi
+    if [[ -z "$expires" ]]; then
+      echo "VIOLATION (line $lineno): '$local_path' annotation missing required key: expires" >&2
+      local_ok=false
+    elif date_is_past "$expires"; then
+      echo "VIOLATION (line $lineno): '$local_path' annotation 'expires' date is in the past: $expires" >&2
+      echo "  Review this exclusion and update or remove it." >&2
+      local_ok=false
+    fi
+    if contains_wildcard "$local_path" && [[ -z "$rule_id" ]]; then
+      echo "VIOLATION (line $lineno): '$local_path' uses a wildcard but is missing required key: rule-id" >&2
+      echo "  Wildcard exclusions (**  *.ext) require an explicit rule-id for auditability." >&2
+      local_ok=false
+    fi
+    if [[ "$local_ok" == false ]]; then
+      VIOLATIONS=$((VIOLATIONS + 1))
+    fi
+  else
+    # ── Case 3: Preceding comment is plain (not structured) — grandfathered ──
+    if [[ "$STRICT" == true ]]; then
+      echo "VIOLATION (line $lineno): '$local_path' is grandfathered (no structured annotation) — rejected under --strict mode." >&2
+      echo "  Add: # allow: $local_path  reason=\"...\"  owner=\"...\"  expires=\"YYYY-MM-DD\"" >&2
+      VIOLATIONS=$((VIOLATIONS + 1))
+    else
+      echo "WARNING (line $lineno): '$local_path' is grandfathered (missing structured annotation)." >&2
+      echo "  DEPRECATION: migrate to structured annotation before removing grandfather status." >&2
+      echo "  Required: # allow: $local_path  reason=\"...\"  owner=\"...\"  expires=\"YYYY-MM-DD\"" >&2
+      echo "  See: https://docs.gitguardian.com/internal-repositories-monitoring/integrations/cli/secrets" >&2
+      WARNINGS=$((WARNINGS + 1))
+    fi
+  fi
+  prev_comment=""
+done < "$IGNOREFILE"
+# ─── Summary ──────────────────────────────────────────────────────────────────
+if [[ $VIOLATIONS -gt 0 ]]; then
+  echo "secret-scan-lint: $VIOLATIONS violation(s) found" >&2
+  if [[ $STRICT == true ]]; then
+    echo "secret-scan-lint: --strict mode active — grandfathered entries are not permitted" >&2
+  fi
+  exit 1
+fi
+if [[ $WARNINGS -gt 0 ]]; then
+  echo "secret-scan-lint: $WARNINGS grandfathered entry/entries (deprecation warning)" >&2
+fi
+echo "secret-scan-lint: OK"
+exit 0