@opengsd/gsd-pi 1.1.1-dev.3ea310e → 1.1.1-dev.74e8dd1

package/dist/resources/extensions/gsd/bootstrap/register-hooks.js

@@ -28,7 +28,9 @@ import { approvalGateIdForUnit, isExplicitApprovalResponse, shouldPauseForUserAp
 import { applyUnitSkillVisibility, unitHasSkillManifest } from "../skill-scope.js";
 import { getGuidedUnitContext } from "../guided-unit-context.js";
 import { registerPlanMilestoneSchemaRecovery } from "./plan-milestone-schema-recovery.js";
-import { AUTO_UNIT_SCOPED_TOOLS, isWorkflowAliasTool } from "../auto-unit-tool-scope.js";
+import { AUTO_UNIT_SCOPED_TOOLS, RUN_UAT_BROWSER_TOOL_NAMES, isWorkflowAliasTool } from "../auto-unit-tool-scope.js";
+import { filterToolsForProvider } from "../model-router.js";
+import { RUN_UAT_WORKFLOW_TOOL_NAMES } from "../tool-presentation-plan.js";
 let approvalQuestionAbortInFlight = false;
 async function loadWelcomeScreenModule() {
     const candidates = [];
@@ -104,6 +106,7 @@ export const MINIMAL_GSD_TOOL_NAMES = [
     "gsd_resume",
     "gsd_milestone_status",
     "gsd_checkpoint_db",
+    "gsd_plan_milestone",
     "memory_query",
     "capture_thought",
 ];
@@ -187,6 +190,9 @@ export function buildMinimalGsdToolSet(activeToolNames) {
     return withPreservedShimTools([...new Set([...preserved, ...minimal])]);
 }
 export function buildMinimalAutoGsdToolSet(activeToolNames, unitType, registeredToolNames = activeToolNames) {
+    if (unitType === "run-uat") {
+        return buildRunUatGsdToolSet(activeToolNames, registeredToolNames);
+    }
     const unitTools = unitType ? AUTO_UNIT_SCOPED_TOOLS[unitType] ?? [] : [];
     const autoBaseTools = new Set(MINIMAL_AUTO_BASE_TOOL_NAMES);
     const availableBaseTools = registeredToolNames.filter((name) => autoBaseTools.has(name));
@@ -197,6 +203,10 @@ export function buildMinimalAutoGsdToolSet(activeToolNames, unitType, registered
     const scoped = resolveScopedToolNames([...activeToolNames, ...registeredToolNames], [...MINIMAL_GSD_TOOL_NAMES, ...unitTools]);
     return withPreservedShimTools([...new Set([...preserved, ...scoped])]);
 }
+export function buildRunUatGsdToolSet(activeToolNames, registeredToolNames = activeToolNames) {
+    const scoped = resolveScopedToolNames([...activeToolNames, ...registeredToolNames], [...RUN_UAT_WORKFLOW_TOOL_NAMES, "subagent", ...RUN_UAT_BROWSER_TOOL_NAMES]);
+    return [...new Set(scoped)];
+}
 export function buildMinimalGsdWorkflowToolSet(activeToolNames, registeredToolNames = activeToolNames) {
     const autoBaseTools = new Set(MINIMAL_AUTO_BASE_TOOL_NAMES);
     const availableBaseTools = registeredToolNames.filter((name) => autoBaseTools.has(name));
@@ -836,10 +846,8 @@ export function registerHooks(pi, ecosystemHandlers) {
         if (result.block)
             return result;
     });
-    // ── Safety harness: evidence collection + destructive command warnings ──
+    // ── Safety harness: evidence collection + destructive command blocking ──
     pi.on("tool_call", async (event, ctx) => {
-        if (!isAutoActive())
-            return;
         markToolStart(event.toolCallId, event.toolName);
         safetyRecordToolCall(event.toolCallId, event.toolName, event.input);
         // Persist immediately at dispatch so a mid-unit re-dispatch — which calls
@@ -854,14 +862,23 @@ export function registerHooks(pi, ecosystemHandlers) {
                 saveEvidenceToDisk(callDash.basePath, cMid, cSid, cTid);
             }
         }
-        // Destructive command classification (warn only, never block)
+        // Destructive command classification + hard gate in all modes.
         if (isToolCallEventType("bash", event)) {
             const classification = classifyCommand(event.input.command);
             if (classification.destructive) {
+                const reason = [
+                    "HARD BLOCK: destructive Bash command requires explicit human confirmation.",
+                    `Detected: ${classification.labels.join(", ")}`,
+                    "Run this via ask_user_questions, wait for the user's response,",
+                    "then issue the command only when confirmed in the current turn.",
+                ].join(" ");
                 safetyLogWarning("safety", `destructive command: ${classification.labels.join(", ")}`, {
                     command: String(event.input.command).slice(0, 200),
                 });
-                ctx.ui.notify(`Destructive command detected: ${classification.labels.join(", ")}`, "warning");
+                if (ctx) {
+                    await maybePauseAutoForApprovalGate(ctx, pi, isAutoActive(), "Depth confirmation is waiting for your answer — pausing auto-mode.");
+                }
+                return { block: true, reason };
             }
         }
     });
@@ -1123,21 +1140,25 @@ export function registerHooks(pi, ecosystemHandlers) {
         const fullToolsRequested = isFullGsdToolSurfaceRequested();
         const dropAliases = !fullToolsRequested;
         const dropBrowser = !fullToolsRequested && !isBrowserToolSurfaceRequested();
-        const providerCompatible = compatible.filter((name) => !(dropAliases && isWorkflowAliasTool(name)) && !(dropBrowser && isBrowserTool(name)));
+        const aliasFilteredCompatible = compatible.filter((name) => !(dropAliases && isWorkflowAliasTool(name)));
+        const providerCompatible = aliasFilteredCompatible.filter((name) => !(dropBrowser && isBrowserTool(name)));
         const surfaceReduced = providerCompatible.length !== compatible.length;
         if (fullToolsRequested) {
             return surfaceReduced ? { toolNames: providerCompatible } : undefined;
         }
         const registeredToolNames = resolveRegisteredToolNames(pi, event.activeToolNames);
+        const compatibleRegisteredToolNames = filterToolsForProvider(registeredToolNames, event.selectedModelApi, event.selectedModelProvider).compatible.filter((name) => !(dropAliases && isWorkflowAliasTool(name)));
         const guidedUnit = getGuidedUnitContext();
-        const requestScoped = buildRequestScopedGsdToolSet(providerCompatible, event.requestCustomMessages, registeredToolNames, guidedUnit?.unitType);
+        const requestScoped = buildRequestScopedGsdToolSet(guidedUnit?.unitType === "run-uat" ? aliasFilteredCompatible : providerCompatible, event.requestCustomMessages, guidedUnit?.unitType === "run-uat" ? compatibleRegisteredToolNames : registeredToolNames, guidedUnit?.unitType);
         if (requestScoped) {
             return { toolNames: requestScoped };
         }
         const dash = getAutoRuntimeSnapshot();
         if (dash.active && dash.currentUnit) {
             return {
-                toolNames: buildMinimalAutoGsdToolSet(providerCompatible, dash.currentUnit.type, resolveRegisteredToolNames(pi, event.activeToolNames)),
+                toolNames: buildMinimalAutoGsdToolSet(dash.currentUnit.type === "run-uat" ? aliasFilteredCompatible : providerCompatible, dash.currentUnit.type, dash.currentUnit.type === "run-uat"
+                    ? compatibleRegisteredToolNames
+                    : resolveRegisteredToolNames(pi, event.activeToolNames)),
             };
         }
         if (isGeneralGsdToolScopingRequested()) {

package/dist/resources/extensions/gsd/bootstrap/write-gate.js

@@ -565,6 +565,7 @@ const PLANNING_SUBAGENT_TOOLS = new Set(["subagent", "task"]);
  * manifests still declare per-unit subsets via ToolsPolicy.allowedSubagents.
  */
 const PLANNING_DISPATCH_AGENT_REGISTRY = {
+    mnemo: { readOnlySpecialist: true },
     scout: { readOnlySpecialist: true },
     planner: { readOnlySpecialist: true },
     reviewer: { readOnlySpecialist: true },
@@ -574,7 +575,7 @@ const PLANNING_DISPATCH_AGENT_REGISTRY = {
 export const ALLOWED_PLANNING_DISPATCH_AGENTS = new Set(Object.entries(PLANNING_DISPATCH_AGENT_REGISTRY)
     .filter(([, metadata]) => metadata.readOnlySpecialist)
     .map(([agentId]) => agentId));
-let warnedMissingPlanningDispatchAgentClasses = false;
+let warnedMissingControlledDispatchAgentClasses = false;
 function isReadOnlySpecialist(agentId) {
     const metadata = PLANNING_DISPATCH_AGENT_REGISTRY[agentId];
     return metadata?.readOnlySpecialist === true;
@@ -582,12 +583,16 @@ function isReadOnlySpecialist(agentId) {
 function allowedPlanningDispatchAgentsList() {
     return [...ALLOWED_PLANNING_DISPATCH_AGENTS].join(", ");
 }
-function warnMissingPlanningDispatchAgentClasses(unitType, mode, toolName) {
-    if (warnedMissingPlanningDispatchAgentClasses)
+function allowsControlledSubagentDispatch(policy) {
+    return ((policy.mode === "planning-dispatch" || policy.mode === "verification") &&
+        Array.isArray(policy.allowedSubagents));
+}
+function warnMissingControlledDispatchAgentClasses(unitType, mode, toolName) {
+    if (warnedMissingControlledDispatchAgentClasses)
         return;
-    warnedMissingPlanningDispatchAgentClasses = true;
+    warnedMissingControlledDispatchAgentClasses = true;
     // TODO(#5060): Remove this migration shim once all subagent/task callers are verified to forward agent identities.
-    const message = `[write-gate] planning-dispatch: shouldBlockPlanningUnit called for tool "${toolName}" ` +
+    const message = `[write-gate] controlled-dispatch: shouldBlockPlanningUnit called for tool "${toolName}" ` +
         `on unit "${unitType}" without agentClasses - stale caller; blocking dispatch.`;
     console.warn(message);
     logWarning("intercept", message, {
@@ -653,8 +658,9 @@ function blockReason(unitType, mode, what) {
  *   - "docs"       → like "planning" but also allows writes to paths
  *                    matching `allowedPathGlobs` relative to basePath.
  *   - "verification"
- *                  → allows Bash for project verification commands, but keeps
- *                    writes restricted to .gsd/ and blocks subagent dispatch.
+ *                  → allows Bash for project verification commands, keeps
+ *                    writes restricted to .gsd/, and permits subagent dispatch
+ *                    only when the manifest declares allowedSubagents.
  *
  * `pathOrCommand` is the file path for write/edit-shaped tools and the
  * shell command for bash. Other tools ignore this argument.
@@ -695,7 +701,7 @@ export function shouldBlockPlanningUnit(toolName, pathOrCommand, basePath, unitT
     if (tool.startsWith("gsd_"))
         return { block: false };
     if (PLANNING_SUBAGENT_TOOLS.has(tool)) {
-        if (policy.mode === "planning-dispatch") {
+        if (allowsControlledSubagentDispatch(policy)) {
             const requested = (agentClasses ?? []).map(a => a.trim()).filter(Boolean);
             const dispatchContract = compileSubagentPermissionContract(policy);
             const allowedSubagents = dispatchContract.allowedSubagents;
@@ -704,7 +710,7 @@ export function shouldBlockPlanningUnit(toolName, pathOrCommand, basePath, unitT
             // agent identities yet. Block and warn so stale callers surface in telemetry
             // instead of silently bypassing the gate.
             if (agentClasses === undefined) {
-                warnMissingPlanningDispatchAgentClasses(unitType, policy.mode, tool);
+                warnMissingControlledDispatchAgentClasses(unitType, policy.mode, tool);
                 return {
                     block: true,
                     reason: blockReason(unitType, policy.mode, `subagent dispatch blocked: stale caller did not supply agent identities for "${tool}"; update extractSubagentAgentClasses to handle this input shape`),
@@ -720,7 +726,7 @@ export function shouldBlockPlanningUnit(toolName, pathOrCommand, basePath, unitT
             if (globallyDisallowed) {
                 return {
                     block: true,
-                    reason: blockReason(unitType, policy.mode, `subagent dispatch of "${globallyDisallowed}" not permitted; only read-only specialists (${allowedPlanningDispatchAgentsList()}) may be dispatched from planning-dispatch units`),
+                    reason: blockReason(unitType, policy.mode, `subagent dispatch of "${globallyDisallowed}" not permitted; only read-only specialists (${allowedPlanningDispatchAgentsList()}) may be dispatched from ${policy.mode} units`),
                 };
             }
             const disallowedByPolicy = requested.find(a => !allowed.has(a));

package/dist/resources/extensions/gsd/commands/handlers/core.js

@@ -69,7 +69,7 @@ export function showHelp(ctx, args = "") {
         "  /gsd new-milestone  Create milestone from headless context (used by gsd headless)",
         "  /gsd new-project    Bootstrap a new project (use --deep for staged project-level discovery)",
         "  /gsd quick          Execute a quick task without full planning overhead",
-        "  /gsd dispatch       Dispatch a specific phase directly  [research|plan|execute|complete|uat|replan]",
+        "  /gsd dispatch       Dispatch a specific phase directly  [research|plan|execute|complete|validate|reassess|uat|replan]",
         "  /gsd verdict <v>    Override milestone validation verdict  [pass|needs-attention|needs-remediation] [--milestone Mxxx] [--rationale \"...\"]",
         "  /gsd parallel       Parallel milestone orchestration  [start|status|stop|pause|resume|merge|watch]",
         "  /gsd workflow       Custom workflow lifecycle  [new|run|list|validate|pause|resume]",

package/dist/resources/extensions/gsd/commands-prefs-wizard.js

@@ -11,6 +11,8 @@ import { fileURLToPath } from "node:url";
 import { getGlobalGSDPreferencesPath, getLegacyGlobalGSDPreferencesPath, getProjectGSDPreferencesPath, loadGlobalGSDPreferences, loadProjectGSDPreferences, loadEffectiveGSDPreferences, normalizePreferencesShape, resolveAllSkillReferences, } from "./preferences.js";
 import { loadFile, saveFile, splitFrontmatter, parseFrontmatterMap } from "./files.js";
 import { runClaudeImportFlow } from "./claude-import.js";
+const DEFAULT_WIDGET_MODE = "small";
+const WIDGET_MODE_OPTIONS = [DEFAULT_WIDGET_MODE, "full", "min", "off"];
 /** Extract body content after frontmatter closing delimiter, or null if none. */
 function extractBodyAfterFrontmatter(content) {
     const closingIdx = content.indexOf("\n---", content.indexOf("---"));
@@ -1509,7 +1511,7 @@ async function configureAdvanced(ctx, prefs) {
     else if (minRequestInterval !== undefined) {
         prefs.min_request_interval_ms = minRequestInterval;
     }
-    const widget = await promptEnum(ctx, "Auto-mode widget display", prefs.widget_mode, ["full", "small", "min", "off"], "full");
+    const widget = await promptEnum(ctx, "Auto-mode widget display", prefs.widget_mode, WIDGET_MODE_OPTIONS, DEFAULT_WIDGET_MODE);
     if (widget !== undefined)
         prefs.widget_mode = widget;
     const experimental = prefs.experimental ?? {};

package/dist/resources/extensions/gsd/commands-verdict.js

@@ -166,6 +166,6 @@ export async function handleVerdict(rawArgs, ctx, basePath) {
         ctx.ui.notify(`Milestone ${milestoneId} verdict: ${prevVerdict} -> ${effectiveVerdict} (${existingValidation.source})`, "success");
     }
     if (effectiveVerdict === "needs-remediation") {
-        ctx.ui.notify("Follow up with gsd_reassess_roadmap to add remediation slices, then re-run /gsd auto.", "info");
+        ctx.ui.notify("Follow up with /gsd dispatch reassess to add remediation slices, then re-run /gsd auto.", "info");
     }
 }

package/dist/resources/extensions/gsd/config-overlay.js

@@ -9,6 +9,7 @@
 import { matchesKey, Key, truncateToWidth } from "@gsd/pi-tui";
 import { renderDialogFrame, renderKeyHints } from "./tui/render-kit.js";
 import { loadEffectiveGSDPreferences, loadGlobalGSDPreferences, loadProjectGSDPreferences, getGlobalGSDPreferencesPath, getProjectGSDPreferencesPath, resolveDynamicRoutingConfig, resolveEffectiveProfile, resolveModelWithFallbacksForUnit, resolveAutoSupervisorConfig, } from "./preferences.js";
+const DEFAULT_WIDGET_MODE = "small";
 function collectConfigSections() {
     const sections = [];
     const globalPrefs = loadGlobalGSDPreferences();
@@ -157,7 +158,7 @@ function collectConfigSections() {
         toggleRows.push({ label: "search_provider", value: prefs.search_provider });
     if (prefs?.context_selection)
         toggleRows.push({ label: "context_selection", value: prefs.context_selection });
-    if (prefs?.widget_mode && prefs.widget_mode !== "full")
+    if (prefs?.widget_mode && prefs.widget_mode !== DEFAULT_WIDGET_MODE)
         toggleRows.push({ label: "widget_mode", value: prefs.widget_mode });
     if (prefs?.experimental?.rtk)
         toggleRows.push({ label: "experimental.rtk", value: "on" });

package/dist/resources/extensions/gsd/error-classifier.js

@@ -21,9 +21,10 @@ export function resetRetryState(state) {
 const PERMANENT_RE = /auth|unauthorized|forbidden|invalid.*key|invalid.*api|billing|quota exceeded|account/i;
 // Include provider-specific quota-window phrasing like:
 // - "You've hit your limit"
+// - "You've reached your limit"
 // - "usage limit" / "quota reached"
 // - "out of extra usage"
-const RATE_LIMIT_RE = /rate.?limit|too many requests|429|hit your limit|usage limit|out of extra usage|quota (?:reached|hit)|limit.*resets?/i;
+const RATE_LIMIT_RE = /rate.?limit|too many requests|429|(?:hit|reached) your (?:\w+ )?limit|(?:usage|session|weekly|daily|monthly|quota) limit|out of extra usage|quota (?:reached|hit)|limit.*resets?/i;
 // OpenRouter affordability-style quota errors should be treated as transient
 // so core retry logic can lower maxTokens and continue in-session.
 const AFFORDABILITY_RE = /requires more credits|can only afford|insufficient credits|not enough credits|fewer max_tokens/i;

package/dist/resources/extensions/gsd/exec-sandbox.js

@@ -247,6 +247,7 @@ function writeMeta(path, result, request, now) {
         id: result.id,
         runtime: result.runtime,
         purpose: request.purpose ?? null,
+        ...(request.metadata ? { metadata: request.metadata } : {}),
         script_chars: request.script.length,
         started_at: now.toISOString(),
         finished_at: new Date(now.getTime() + result.duration_ms).toISOString(),
@@ -260,6 +261,7 @@ function writeMeta(path, result, request, now) {
         stderr_truncated: result.stderr_truncated,
         stdout_path: result.stdout_path,
         stderr_path: result.stderr_path,
+        ...(request.metadata ? { metadata: request.metadata } : {}),
     };
     writeFileSync(path, `${JSON.stringify(meta, null, 2)}\n`);
 }

package/dist/resources/extensions/gsd/prompts/run-uat.md

@@ -37,7 +37,13 @@ You are the UAT runner. Execute every check defined in `{{uatPath}}` as deeply a
 
 Choose the lightest tool that proves the check honestly:
 
-- Run shell commands with `bash`
+- Run automated checks with `gsd_uat_exec`
+  - Use `uat-artifact-check` as `intent` for static file, grep, structure, or artifact checks.
+  - Use `uat-runtime-check` as `intent` for executing tests, scripts, or runtime assertions.
+  - Use `uat-browser-check` as `intent` for browser interaction or screenshot-backed UI checks.
+  - Use `uat-service-start` as `intent` only when starting or connecting to an app/service.
+  - Use `uat-log-inspection` as `intent` for checking logs or captured output files.
+  - The result-table evidence mode is separate; do not use `artifact`, `runtime`, or `human-follow-up` as `intent`.
 - Run `grep` / `rg` checks against files
 - Run `node` / other script invocations
 - Read files and verify their contents
@@ -48,7 +54,7 @@ Choose the lightest tool that proves the check honestly:
 For each check, record:
 - The check description (from the UAT file)
 - The evidence mode used: `artifact`, `runtime`, or `human-follow-up`
-- The command or action taken
+- The command or action taken, including the `gsd_uat_exec` evidence ID for automated checks
 - The actual result observed
 - `PASS`, `FAIL`, or `NEEDS-HUMAN`
 
@@ -57,7 +63,7 @@ After running all checks, compute the **overall verdict**:
 - `FAIL` — one or more automatable checks failed
 - `PARTIAL` — one or more automatable checks were skipped or returned inconclusive results (not the same as `NEEDS-HUMAN` — use PARTIAL only when the agent itself could not determine pass/fail for a check it was supposed to automate)
 
-Call `gsd_summary_save` with `milestone_id: {{milestoneId}}`, `slice_id: {{sliceId}}`, `artifact_type: "ASSESSMENT"`, and the full UAT result markdown as `content` — the tool computes the file path and persists to both DB and disk. The content should follow this format:
+Call `gsd_summary_save` with `milestone_id: "{{milestoneId}}"`, `slice_id: "{{sliceId}}"`, `artifact_type: "ASSESSMENT"`, and the full UAT result markdown as `content`. The tool computes the assessment path, persists to DB/disk, and saves the aggregate UAT gate. The content should follow this logical shape:
 
 ```markdown
 ---
@@ -86,6 +92,6 @@ date: <ISO 8601 timestamp>
 
 ---
 
-**You MUST call `gsd_summary_save` with the UAT result content before finishing.**
+**You MUST call `gsd_summary_save` with `artifact_type: "ASSESSMENT"` and the UAT result content before finishing. Do not write the assessment file directly.**
 
 When done, say: "UAT {{sliceId}} complete."

package/dist/resources/extensions/gsd/prompts/system.md

@@ -32,7 +32,7 @@ GSD ships with bundled skills. Installed skills are listed in `<available_skills
 - Never print, echo, log, or restate secrets or credentials. Report only key names and applied/skipped status.
 - Never ask the user to edit `.env` files or set secrets manually. Use `secure_env_collect`.
 - In enduring files, write current state only unless the file is explicitly historical.
-- **Never take outward-facing actions on GitHub or external services without explicit user confirmation.** This includes creating/closing issues, merging/approving/commenting on PRs, pushing remote branches, publishing packages, or any state change outside local filesystem. Read-only listing/viewing/diffing is fine. Present intent and get a clear "yes" first. **Non-bypassable:** no response, ambiguity, or `ask_user_questions` failure means re-ask; never rationalize past the block. Missing "yes" means "no."
+- **Never take outward-facing actions on GitHub or external services without explicit user confirmation.** This includes creating/closing issues, merging/approving/commenting on PRs, pushing remote branches, publishing packages, terragrunt/aws/kubectl mutations, or any state change outside local filesystem. Read-only listing/viewing/diffing is fine. Present intent and get a clear "yes" first. **Non-bypassable:** no response, ambiguity, or `ask_user_questions` failure means re-ask; never rationalize past the block. Missing "yes" means "no."
 
 If a `GSD Skill Preferences` block appears below, treat it as durable guidance for skills to use, prefer, or avoid unless it conflicts with artifact rules, verification, or higher-priority instructions.
 
@@ -160,4 +160,6 @@ Fix root causes, not symptoms. If applying temporary mitigation, label it and pr
 - When debugging, stay curious. Problems are puzzles. Say what's interesting about the failure before reaching for fixes.
 - After completing a task, give a brief summary and 2-4 numbered next-step options; last option is always "Other". Omit the list for strict output formats.
 
+  If any next step is destructive/outward-facing, present it via `ask_user_questions` and wait for the user's answer before execution. Do not execute a next-step item from a prior plain-text numbered list without fresh confirmation.
+
 Good narration states a decision or finding: "Three handlers follow a middleware pattern - using that instead of a custom wrapper." Bad narration just announces the next call ("Reading the file now.") or emits compressed planner notes ("Need create plan artifact maybe read existing plans.").

package/dist/resources/extensions/gsd/safety/destructive-guard.js

@@ -16,6 +16,9 @@ const DESTRUCTIVE_PATTERNS = [
     { pattern: /\btruncate\s+table\b/i, label: "SQL truncate" },
     { pattern: /\bchmod\s+777\b/, label: "world-writable permissions" },
     { pattern: /\bcurl\s.*\|\s*(bash|sh|zsh)\b/, label: "pipe to shell" },
+    { pattern: /\bterra(form|grunt)\s+(apply|destroy)/i, label: "IaC apply/destroy" },
+    { pattern: /\baws\s+\w+\s+(delete|create|put|remove|terminate)\b/i, label: "AWS mutation" },
+    { pattern: /\bkubectl\s+(delete|apply)\b/i, label: "kubectl mutation" },
 ];
 /**
  * Classify a bash command for destructive operations.

package/dist/resources/extensions/gsd/skill-activation.js

@@ -41,6 +41,16 @@ function tokenizeSkillContext(...parts) {
     }
     return tokens;
 }
+function tokenizeUnitType(unitType) {
+    const tokens = new Set();
+    const value = unitType?.trim().toLowerCase();
+    if (!value)
+        return tokens;
+    tokens.add(value);
+    tokens.add(value.replace(/[-_]+/g, " "));
+    tokens.add(value.replace(/[-_\s]+/g, ""));
+    return tokens;
+}
 function skillMatchesContext(skill, contextTokens) {
     const haystacks = [
         skill.name.toLowerCase(),
@@ -63,13 +73,20 @@ function ruleMatchesContext(when, contextTokens) {
     const whenTokens = tokenizeSkillContext(when);
     return [...whenTokens].some(token => contextTokens.has(token) || [...contextTokens].some(ctx => ctx.includes(token) || token.includes(ctx)));
 }
-function resolveSkillRuleMatches(prefs, contextTokens, base) {
+function ruleMatchesUnitType(when, unitType) {
+    if (!unitType)
+        return false;
+    const whenTokens = tokenizeSkillContext(when);
+    const unitTokens = tokenizeUnitType(unitType);
+    return [...unitTokens].some(token => whenTokens.has(token));
+}
+function resolveSkillRuleMatches(prefs, contextTokens, base, unitType) {
     if (!prefs?.skill_rules?.length)
         return { include: [], avoid: [] };
     const include = [];
     const avoid = [];
     for (const rule of prefs.skill_rules) {
-        if (!ruleMatchesContext(rule.when, contextTokens))
+        if (!ruleMatchesContext(rule.when, contextTokens) && !ruleMatchesUnitType(rule.when, unitType))
             continue;
         include.push(...resolvePreferenceSkillNames([...(rule.use ?? []), ...(rule.prefer ?? [])], base));
         avoid.push(...resolvePreferenceSkillNames(rule.avoid ?? [], base));
@@ -141,7 +158,7 @@ export function buildSkillActivationBlock(params) {
     for (const name of resolvePreferenceSkillNames(prefs?.always_use_skills ?? [], params.base)) {
         matched.add(name);
     }
-    const ruleMatches = resolveSkillRuleMatches(prefs, contextTokens, params.base);
+    const ruleMatches = resolveSkillRuleMatches(prefs, contextTokens, params.base, params.unitType);
     for (const name of ruleMatches.include)
         matched.add(name);
     for (const name of ruleMatches.avoid)

package/dist/resources/extensions/gsd/state-reconciliation/drift/roadmap.js

@@ -4,7 +4,7 @@
 // checkboxes) and the DB slice rows for that milestone, then re-renders the
 // ROADMAP projection from the authoritative DB rows.
 import { existsSync, readFileSync } from "node:fs";
-import { getMilestone, getMilestoneSlices, isDbAvailable, } from "../../gsd-db.js";
+import { getMilestone, getMilestoneSlices, getSliceTasks, isDbAvailable, } from "../../gsd-db.js";
 import { renderRoadmapFromDb } from "../../markdown-renderer.js";
 import { findMilestoneIds } from "../../milestone-ids.js";
 import { parseRoadmap } from "../../parsers-legacy.js";
@@ -18,6 +18,15 @@ function arraysEqual(a, b) {
             return false;
     return true;
 }
+function getSlicesReadyForDivergenceCheck(milestoneId, dbSlices) {
+    const ready = new Set();
+    for (const slice of dbSlices) {
+        if (isClosedStatus(slice.status) || getSliceTasks(milestoneId, slice.id).length > 0) {
+            ready.add(slice.id);
+        }
+    }
+    return ready;
+}
 function milestoneHasDivergence(basePath, milestoneId) {
     const roadmapPath = resolveMilestoneFile(basePath, milestoneId, "ROADMAP");
     if (!roadmapPath || !existsSync(roadmapPath))
@@ -31,6 +40,10 @@ function milestoneHasDivergence(basePath, milestoneId) {
     }
     const dbSlices = getMilestoneSlices(milestoneId);
     const dbSliceMap = new Map(dbSlices.map((s) => [s.id, s]));
+    const readySliceIds = getSlicesReadyForDivergenceCheck(milestoneId, dbSlices);
+    if (dbSlices.length > 0 && readySliceIds.size === 0) {
+        return false;
+    }
     const roadmapSliceIds = new Set();
     for (let i = 0; i < roadmap.slices.length; i++) {
         const roadmapSlice = roadmap.slices[i];
@@ -39,6 +52,8 @@ function milestoneHasDivergence(basePath, milestoneId) {
         const dbSlice = dbSliceMap.get(roadmapSlice.id);
         if (!dbSlice)
             return true; // Roadmap has a slice the DB doesn't.
+        if (!readySliceIds.has(dbSlice.id))
+            continue;
         if (dbSlice.sequence !== expectedSequence)
             return true;
         if (!arraysEqual(dbSlice.depends, roadmapSlice.depends))
@@ -47,6 +62,8 @@ function milestoneHasDivergence(basePath, milestoneId) {
             return true;
     }
     for (const dbSlice of dbSlices) {
+        if (!readySliceIds.has(dbSlice.id))
+            continue;
         if (!roadmapSliceIds.has(dbSlice.id))
             return true;
     }

package/dist/resources/extensions/gsd/state-reconciliation/index.js

@@ -2,6 +2,7 @@
 // File Purpose: ADR-017 drift-driven State Reconciliation Module entry point.
 // reconcileBeforeDispatch runs before every Dispatch decision and worker spawn.
 import { deriveState as defaultDeriveState, invalidateStateCache as defaultInvalidate, } from "../state.js";
+import { clearParseCache as defaultClearParseCache } from "../files.js";
 import { ReconciliationFailedError, } from "./errors.js";
 import { DRIFT_REGISTRY } from "./registry.js";
 export { ReconciliationFailedError } from "./errors.js";
@@ -10,6 +11,7 @@ const MAX_PASSES = 2;
 const defaultDeps = {
     invalidateStateCache: defaultInvalidate,
     deriveState: defaultDeriveState,
+    clearParseCache: defaultClearParseCache,
 };
 /**
  * Drift-driven pre-dispatch reconciliation per ADR-017.
@@ -27,6 +29,7 @@ const defaultDeps = {
  */
 export async function reconcileBeforeDispatch(basePath, deps = defaultDeps) {
     const registry = deps.registry ?? DRIFT_REGISTRY;
+    const clearParseCache = deps.clearParseCache ?? defaultClearParseCache;
     const repaired = [];
     for (let pass = 0; pass < MAX_PASSES; pass++) {
         deps.invalidateStateCache();
@@ -67,6 +70,9 @@ export async function reconcileBeforeDispatch(basePath, deps = defaultDeps) {
                 failures.push({ drift: record, cause });
             }
         }
+        if (repairedThisPass) {
+            clearParseCache();
+        }
         if (blockers.length > 0) {
             let blockerState = stateSnapshot;
             if (repairedThisPass) {

package/dist/resources/extensions/gsd/state.js

@@ -35,7 +35,7 @@ function formatNeedsRemediationBlocker(milestoneId) {
     return [
         `Milestone ${milestoneId} is blocked because milestone validation returned needs-remediation, but all slices are complete.`,
         `Fix options:`,
-        `1. Add remediation slices with \`gsd_reassess_roadmap\`, then run \`/gsd auto\``,
+        `1. Run \`/gsd dispatch reassess\` to add remediation slices, then run \`/gsd auto\``,
         `2. If the finding is acceptable, override it: \`/gsd verdict pass --rationale "why this is okay"\``,
         `3. If this should wait, defer it explicitly: \`/gsd park ${milestoneId}\``,
     ].join("\n");

package/dist/resources/extensions/gsd/tools/exec-tool.js

@@ -5,6 +5,27 @@ import { realpathSync } from "node:fs";
 import path from "node:path";
 import { isContextModeEnabled } from "../preferences-types.js";
 import { contextModeDisabledResult } from "./context-mode-tool-result.js";
+const UAT_EXEC_INTENTS = [
+    "uat-artifact-check",
+    "uat-runtime-check",
+    "uat-browser-check",
+    "uat-service-start",
+    "uat-log-inspection",
+];
+const UAT_EXEC_INTENT_ALIASES = {
+    artifact: "uat-artifact-check",
+    "artifact-driven": "uat-artifact-check",
+    runtime: "uat-runtime-check",
+    "runtime-executable": "uat-runtime-check",
+    "live-runtime": "uat-runtime-check",
+    browser: "uat-browser-check",
+    "browser-executable": "uat-browser-check",
+    service: "uat-service-start",
+    "service-start": "uat-service-start",
+    log: "uat-log-inspection",
+    logs: "uat-log-inspection",
+    "log-inspection": "uat-log-inspection",
+};
 export function buildExecOptions(baseDir, cfg, extras) {
     const allowlist = Array.isArray(cfg?.exec_env_allowlist) ? cfg.exec_env_allowlist : EXEC_DEFAULTS.envAllowlist;
     const stdoutCap = clampNumber(cfg?.exec_stdout_cap_bytes, EXEC_DEFAULTS.stdoutCapBytes, 4_096, 16_777_216);
@@ -73,6 +94,39 @@ function normalizeScript(params) {
     }
     return paramError("script is required and must be a non-empty string");
 }
+function normalizeRequiredString(value, field) {
+    if (typeof value !== "string" || value.trim().length === 0) {
+        return paramError(`${field} is required and must be a non-empty string`);
+    }
+    return value.trim();
+}
+function normalizeUatIntent(value) {
+    if (typeof value !== "string") {
+        return paramError(`intent is required and must be one of: ${UAT_EXEC_INTENTS.join(", ")}`);
+    }
+    const normalized = value.trim().toLowerCase();
+    if (UAT_EXEC_INTENTS.includes(normalized))
+        return normalized;
+    const alias = UAT_EXEC_INTENT_ALIASES[normalized];
+    if (alias)
+        return alias;
+    return paramError(`invalid intent "${value}" — must be one of: ${UAT_EXEC_INTENTS.join(", ")}`);
+}
+function rejectUatScript(script) {
+    const patterns = [
+        { re: /\b(?:npm|pnpm|yarn|bun)\s+(?:i|install|add|remove|update|upgrade)\b/i, reason: "package dependency mutation is not allowed during UAT" },
+        { re: /\b(?:pip|pip3|python\s+-m\s+pip)\s+install\b/i, reason: "package dependency mutation is not allowed during UAT" },
+        { re: /\bgit\s+(?:add|commit|push|reset|checkout|switch|merge|rebase|clean|rm|mv|tag|branch)\b/i, reason: "git mutations are not allowed during UAT" },
+        { re: /\brm\s+-[^\n\r;|&]*r[^\n\r;|&]*f\b/i, reason: "destructive filesystem cleanup is not allowed during UAT" },
+        { re: /\b(?:env|printenv)\b(?:\s|$)/i, reason: "dumping environment variables is not allowed during UAT" },
+        { re: /\bcat\s+\.env(?:\b|\.|$)/i, reason: "reading credential files is not allowed during UAT" },
+    ];
+    for (const pattern of patterns) {
+        if (pattern.re.test(script))
+            return pattern.reason;
+    }
+    return null;
+}
 function isToolExecutionResult(value) {
     return typeof value === "object" && value !== null && Array.isArray(value.content);
 }
@@ -207,6 +261,7 @@ export async function executeGsdExec(params, deps) {
             runtime,
             script,
             ...(typeof params.purpose === "string" ? { purpose: params.purpose } : {}),
+            ...(params.metadata && typeof params.metadata === "object" ? { metadata: params.metadata } : {}),
             ...(typeof params.timeout_ms === "number" ? { timeout_ms: params.timeout_ms } : {}),
         }, opts);
         return formatResult(result);
@@ -220,6 +275,60 @@ export async function executeGsdExec(params, deps) {
         };
     }
 }
+export async function executeUatExec(params, deps) {
+    const milestoneId = normalizeRequiredString(params.milestoneId, "milestoneId");
+    if (isToolExecutionResult(milestoneId))
+        return milestoneId;
+    const sliceId = normalizeRequiredString(params.sliceId, "sliceId");
+    if (isToolExecutionResult(sliceId))
+        return sliceId;
+    const checkId = normalizeRequiredString(params.checkId, "checkId");
+    if (isToolExecutionResult(checkId))
+        return checkId;
+    const intent = normalizeUatIntent(params.intent);
+    if (isToolExecutionResult(intent))
+        return intent;
+    const script = normalizeScript(params);
+    if (isToolExecutionResult(script))
+        return script;
+    const rejected = rejectUatScript(script);
+    if (rejected) {
+        return {
+            content: [{ type: "text", text: `Error: gsd_uat_exec blocked command — ${rejected}` }],
+            details: { operation: "gsd_uat_exec", error: "uat_exec_policy_block", reason: rejected },
+            isError: true,
+        };
+    }
+    const result = await executeGsdExec({
+        ...params,
+        script,
+        purpose: typeof params.purpose === "string" && params.purpose.trim().length > 0
+            ? params.purpose
+            : `UAT ${milestoneId}/${sliceId}/${checkId} (${intent})`,
+        metadata: {
+            kind: "uat_exec",
+            milestoneId,
+            sliceId,
+            checkId,
+            intent,
+            ...(typeof params.expected === "string" && params.expected.trim().length > 0
+                ? { expected: params.expected.trim() }
+                : {}),
+        },
+    }, deps);
+    const details = result.details ?? {};
+    return {
+        ...result,
+        details: {
+            ...details,
+            operation: "gsd_uat_exec",
+            milestoneId,
+            sliceId,
+            checkId,
+            intent,
+        },
+    };
+}
 function formatResult(result) {
     const headerLines = [
         `gsd_exec[${result.id}] runtime=${result.runtime} exit=${formatExit(result)} duration=${result.duration_ms}ms`,