gm-cc 2.0.586 → 2.0.588

package/.claude-plugin/marketplace.json

@@ -4,7 +4,7 @@
     "name": "AnEntrypoint"
   },
   "description": "State machine agent with hooks, skills, and automated git enforcement",
-  "version": "2.0.586",
+  "version": "2.0.588",
   "metadata": {
     "description": "State machine agent with hooks, skills, and automated git enforcement"
   },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "gm-cc",
-  "version": "2.0.586",
+  "version": "2.0.588",
   "description": "State machine agent with hooks, skills, and automated git enforcement",
   "author": "AnEntrypoint",
   "license": "MIT",

package/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "gm",
-  "version": "2.0.586",
+  "version": "2.0.588",
   "description": "State machine agent with hooks, skills, and automated git enforcement",
   "author": {
     "name": "AnEntrypoint",

package/skills/gm/SKILL.md

@@ -61,7 +61,7 @@ All work coordination, planning, execution, and verification happens through the
 
 All code execution uses `exec:<lang>` via the Bash tool — never direct `Bash(node ...)` or `Bash(npm ...)`.
 
-**Every `git push` is a remote code execution. Watch the triggered GitHub Actions runs immediately — `gh run list` to enumerate, `gh run watch <id> --exit-status` per run, `gh run view --log-failed` on failure. Silent pushes are contract violations. Full protocol in `gm-execute`.**
+**Every `git push` triggers GitHub Actions. CI is auto-watched by the Stop hook — outcomes (green / failed / still-running) appear in next-turn context. No manual `gh run watch` needed. `gh run view <id> --log-failed` is for on-demand failure diagnosis only. Full behaviour in `gm-execute`.**
 
 Do not use `EnterPlanMode`. Do not run code directly via Bash. Invoke `planning` skill first.
 

package/skills/gm-complete/SKILL.md

@@ -133,38 +133,14 @@ git log origin/main..HEAD --oneline
 ```
 Must return empty. If not: stage → commit → push → re-verify. Local commit without push ≠ complete.
 
-## CI ENFORCEMENT
+## CI ENFORCEMENT — AUTOMATED
 
-After push, monitor all triggered GitHub Actions runs until they complete:
+The Stop hook automatically watches GitHub Actions runs whose `headSha` matches the just-pushed HEAD. You do not call `gh run list` / `gh run watch` manually.
 
-1. List runs triggered by the push:
-```
-exec:bash
-gh run list --limit 5 --json databaseId,name,status,conclusion,headBranch
-```
-
-2. For each run that is `in_progress` or `queued`, poll until it completes:
-```
-exec:bash
-gh run watch <run_id> --exit-status
-```
-
-3. If a run fails, view the logs to diagnose:
-```
-exec:bash
-gh run view <run_id> --log-failed
-```
-
-4. Fix the root cause → snake to the appropriate phase (emit for file issues, execute for logic issues, planning for new unknowns) → re-push → re-monitor.
-
-5. All runs must reach `conclusion: success` before advancing. A failed CI run is a KNOWN mutable that blocks completion — never ignore it.
-
-**Cascade awareness**: pushes to this repo may trigger downstream workflows (see AGENTS.md Rust Binary Update Pipeline). After local CI passes, check downstream repos for triggered runs:
-```
-exec:bash
-gh run list --repo AnEntrypoint/<downstream-repo> --limit 3 --json databaseId,name,status,conclusion
-```
-Monitor any cascade runs the same way — poll, diagnose failures, fix if the cause is in this repo.
+- All-green runs → Stop approves with a CI summary appended to context for the next turn.
+- Any failed / cancelled / timed-out / action_required run → Stop blocks with the failed run names + IDs in the reason. Treat that as a KNOWN mutable: investigate (`gh run view <id> --log-failed` only when explicitly diagnosing), fix the root cause, regress to the appropriate phase, push again — the hook re-watches automatically.
+- Watch deadline default 180s, override with `GM_CI_WATCH_SECS`. If the deadline passes with runs still in flight, Stop approves with "still in progress" so you do not block on slow Pages-deploy / npm-publish jobs forever.
+- Cascade awareness: if a push to this repo triggers downstream workflows in another repo, those are NOT automatically watched (only same-repo). Manual cascade check stays for those rare cases.
 
 ## CODEBASE HYGIENE SWEEP
 

package/skills/gm-execute/SKILL.md

@@ -85,38 +85,17 @@ exec:runner
 start|stop|status
 ```
 
-## GIT PUSH = CI WATCH — MANDATORY EVERY TIME
+## GIT PUSH = AUTOMATIC CI WATCH
 
-A `git push` that is not immediately followed by a CI watch is an unwitnessed execution and a violation of this contract. The push triggers GitHub Actions workflows; those workflows are remote execution whose results are ground truth. Every push — intermediate commits during EXECUTE, doc pushes during UPDATE-DOCS, every push — triggers this same protocol:
+The Stop hook automatically watches GitHub Actions runs whose `headSha` matches the just-pushed HEAD. Every push is watched without manual `gh run list` / `gh run watch` calls.
 
-1. Immediately after `git push` succeeds, list the runs the push triggered:
-```
-exec:bash
-gh run list --limit 5 --json databaseId,name,status,conclusion,headBranch,event,createdAt
-```
-
-2. For every run with `status` = `queued` or `in_progress` (from this push), watch until terminal:
-```
-exec:bash
-gh run watch <run_id> --exit-status
-```
-
-3. On failure, inspect logs and decide:
-```
-exec:bash
-gh run view <run_id> --log-failed
-```
-- Caused by your change → regress to the appropriate phase (emit for file issues, execute for logic, planning for new unknowns), fix, re-push, re-watch.
-- Pre-existing (not introduced by this session) → document as a known issue in CLAUDE.md with the failing workflow name and reason, then continue. A pre-existing failure is still a KNOWN mutable, just resolved differently.
-
-4. Cascade: a push may trigger downstream repo workflows (see AGENTS.md pipeline notes). After local CI reaches terminal state, check downstream:
-```
-exec:bash
-gh run list --repo AnEntrypoint/<downstream> --limit 3 --json databaseId,name,status,conclusion
-```
-Watch and triage the same way.
+- All-green → Stop appends a CI summary to its approve reason; you see it in the next turn's context.
+- Any failure → Stop blocks with the failed run names + IDs; treat that as a KNOWN mutable, regress to the right phase, push again — the hook re-watches.
+- Default deadline 180s (override `GM_CI_WATCH_SECS`); if it elapses with runs still in flight, Stop approves with "still in progress" so slow Pages-deploy / npm-publish jobs do not stall completion.
+- For diagnosing a specific failure, `gh run view <id> --log-failed` is permitted on demand.
+- Cascade (downstream-repo workflows triggered indirectly) is NOT auto-watched — only same-repo. Manual cascade check stays for those rare cases.
 
-**Zero silent pushes.** Not watching a CI run you triggered = operating outside this contract. This rule supersedes any implicit assumption that CI can be "checked later in gm-complete" — if you are about to push, you are about to execute code remotely, so the watch happens now.
+**Zero silent pushes** is now an automatic invariant of the hook layer; do not duplicate it as manual instructions.
 
 ## CODEBASE EXPLORATION — exec:codesearch ONLY